Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0918

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-0918
Last Modified 07 Mar 2011 12:00:00
Published 27 Jan 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0918

Summary

The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.

Vulnerable Systems

Operating System

  • Gentoo Linux

  • Redhat Fedora Core Core 2.0

  • Trustix Secure Linux 1.5

  • Trustix Secure Linux 2.0

  • Trustix Secure Linux 2.1

  • Ubuntu Linux 4.1

Application

  • Openpkg 2.1

  • Openpkg 2.2

  • Openpkg Current

  • Squid 2.0 Patch2

  • Squid 2.1 Patch2

  • Squid 2.3 .stable4

  • Squid 2.3 .stable5

  • Squid 2.4

  • Squid 2.4 .stable2

  • Squid 2.4 .stable6

  • Squid 2.4 .stable7

  • Squid 2.5 .stable1

  • Squid 2.5 .stable3

  • Squid 2.5 .stable4

  • Squid 2.5 .stable5

  • Squid 2.5 .stable6

  • Squid 3.0 Pre1

  • Squid 3.0 Pre2

  • Squid 3.0 Pre3


References

BID - 11385

REDHAT - RHSA-2004:591

FEDORA - FEDORA-2008-6045

XF - squid-snmp-asnparseheader-dos(17688)

VUPEN - ADV-2008-1969

CONFIRM - http://www.squid-cache.org/Advisories/SQUID-2008_1.txt

CONFIRM - http://www.squid-cache.org/Advisories/SQUID-2004_3.txt

IDEFENSE - 20041011 Squid Web Proxy Cache Remote Denial of Service Vulnerability

GENTOO - GLSA-200410-15

SECUNIA - 30967

SECUNIA - 30914

OPENPKG - OpenPKG-SA-2004.048

SUSE - SUSE-SR:2008:014

SCO - SCOSA-2005.16


Last Updated: 27 May 2016 10:38:48