Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2012-5643
Last Modified: 06 Feb 2014 11:43:36
Published: 20 Dec 2012 07:02:19
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-5643

Summary

Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.

Vulnerable Systems

Application

  • Squid-cache Squid 2.0

  • Squid-cache Squid 2.1

  • Squid-cache Squid 2.2

  • Squid-cache Squid 2.3

  • Squid-cache Squid 2.4

  • Squid-cache Squid 2.5

  • Squid-cache Squid 2.6

  • Squid-cache Squid 2.7

  • Squid-cache Squid 3.0

  • Squid-cache Squid 3.0.stable1

  • Squid-cache Squid 3.0.stable10

  • Squid-cache Squid 3.0.stable11

  • Squid-cache Squid 3.0.stable12

  • Squid-cache Squid 3.0.stable13

  • Squid-cache Squid 3.0.stable14

  • Squid-cache Squid 3.0.stable15

  • Squid-cache Squid 3.0.stable16

  • Squid-cache Squid 3.0.stable17

  • Squid-cache Squid 3.0.stable18

  • Squid-cache Squid 3.0.stable19

  • Squid-cache Squid 3.0.stable2

  • Squid-cache Squid 3.0.stable20

  • Squid-cache Squid 3.0.stable21

  • Squid-cache Squid 3.0.stable22

  • Squid-cache Squid 3.0.stable23

  • Squid-cache Squid 3.0.stable24

  • Squid-cache Squid 3.0.stable25

  • Squid-cache Squid 3.0.stable3

  • Squid-cache Squid 3.0.stable4

  • Squid-cache Squid 3.0.stable5

  • Squid-cache Squid 3.0.stable6

  • Squid-cache Squid 3.0.stable7

  • Squid-cache Squid 3.0.stable8

  • Squid-cache Squid 3.0.stable9

  • Squid-cache Squid 3.1

  • Squid-cache Squid 3.1.0.1

  • Squid-cache Squid 3.1.0.10

  • Squid-cache Squid 3.1.0.11

  • Squid-cache Squid 3.1.0.12

  • Squid-cache Squid 3.1.0.13

  • Squid-cache Squid 3.1.0.14

  • Squid-cache Squid 3.1.0.15

  • Squid-cache Squid 3.1.0.16

  • Squid-cache Squid 3.1.0.17

  • Squid-cache Squid 3.1.0.18

  • Squid-cache Squid 3.1.0.2

  • Squid-cache Squid 3.1.0.3

  • Squid-cache Squid 3.1.0.4

  • Squid-cache Squid 3.1.0.5

  • Squid-cache Squid 3.1.0.6

  • Squid-cache Squid 3.1.0.7

  • Squid-cache Squid 3.1.0.8

  • Squid-cache Squid 3.1.0.9

  • Squid-cache Squid 3.1.1

  • Squid-cache Squid 3.1.10

  • Squid-cache Squid 3.1.11

  • Squid-cache Squid 3.1.12

  • Squid-cache Squid 3.1.13

  • Squid-cache Squid 3.1.14

  • Squid-cache Squid 3.1.15

  • Squid-cache Squid 3.1.16

  • Squid-cache Squid 3.1.17

  • Squid-cache Squid 3.1.18

  • Squid-cache Squid 3.1.19

  • Squid-cache Squid 3.1.2

  • Squid-cache Squid 3.1.20

  • Squid-cache Squid 3.1.21

  • Squid-cache Squid 3.2.0.1

  • Squid-cache Squid 3.2.0.10

  • Squid-cache Squid 3.2.0.11

  • Squid-cache Squid 3.2.0.12

  • Squid-cache Squid 3.2.0.13

  • Squid-cache Squid 3.2.0.14

  • Squid-cache Squid 3.2.0.15

  • Squid-cache Squid 3.2.0.16

  • Squid-cache Squid 3.2.0.17

  • Squid-cache Squid 3.2.0.18

  • Squid-cache Squid 3.2.0.19

  • Squid-cache Squid 3.2.0.2

  • Squid-cache Squid 3.2.0.3

  • Squid-cache Squid 3.2.0.4

  • Squid-cache Squid 3.2.0.5

  • Squid-cache Squid 3.2.0.6

  • Squid-cache Squid 3.2.0.7

  • Squid-cache Squid 3.2.0.8

  • Squid-cache Squid 3.2.0.9

  • Squid-cache Squid 3.2.1

  • Squid-cache Squid 3.2.2

  • Squid-cache Squid 3.2.3

  • Squid-cache Squid 3.3.0.1


References

CONFIRM - http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11714.patch

CONFIRM - http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10479.patch

CONFIRM - http://www.squid-cache.org/Advisories/SQUID-2012_1.txt

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=887962

CONFIRM - https://bugs.gentoo.org/show_bug.cgi?id=447596

MLIST - [oss-security] 20121217 Re: CVE Request -- SQUID-2012:1 / Squid: DoS (excessive resource consumption) via invalid Content-Length headers or via memory leaks

SUSE - openSUSE-SU-2013:0186

SUSE - openSUSE-SU-2013:0162

UBUNTU - USN-1713-1

SECUNIA - 52024

DEBIAN - DSA-2631

REDHAT - RHSA-2013:0505

SECTRACK - 1027890

SECUNIA - 54839

SUSE - openSUSE-SU-2013:1436

SUSE - openSUSE-SU-2013:1443

CONFIRM - https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0368

MANDRIVA - MDVSA-2013:129

Related Patches

Novell SUSE 2013:8464 squid security update for SLE 10 SP4 i586

Novell SUSE 2013:8464 squid security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 11:01:28