Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1612

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-1612
Last Modified 27 Jul 2013 01:44:16
Published 01 Apr 2008 01:44:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1612

Summary

The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239.

Vulnerable Systems

Application

  • Squid 2.6.stable17


References

CONFIRM - http://www.squid-cache.org/Advisories/SQUID-2007_2.txt

MISC - http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch

MLIST - [oss-security] 20080401 CVE id request: squid

MANDRIVA - MDVSA-2008:134

DEBIAN - DSA-1646

GENTOO - GLSA-200903-38

SECUNIA - 34467

SECUNIA - 32109

MLIST - [squid-announce[ 20080322 Advisory Squid-2007:2 updated

FEDORA - FEDORA-2008-2740

XF - squid-arrayshrink-dos(41586)

UBUNTU - USN-601-1

BID - 28693

REDHAT - RHSA-2008:0214

SECUNIA - 30032

SECUNIA - 29813

SECUNIA - 27477

SUSE - SUSE-SR:2008:011

Related Patches

Red Hat 2008:0214-03 RHSA Moderate: squid security update for RHEL 5 x86

Novell SUSE 2008:5157 squid security update for SLE 10 SP1 i586


Last Updated: 27 May 2016 10:47:36