Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-0189

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2013-0189
Last Modified 06 Feb 2014 11:44:34
Published 08 Feb 2013 03:55:01
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-0189

Summary

cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 10.04

  • Canonical Ubuntu Linux 11.10

  • Canonical Ubuntu Linux 12.04

  • Canonical Ubuntu Linux 12.10

Application

  • Squid-cache Squid 3.1

  • Squid-cache Squid 3.1.0.1

  • Squid-cache Squid 3.1.0.10

  • Squid-cache Squid 3.1.0.11

  • Squid-cache Squid 3.1.0.12

  • Squid-cache Squid 3.1.0.13

  • Squid-cache Squid 3.1.0.14

  • Squid-cache Squid 3.1.0.15

  • Squid-cache Squid 3.1.0.16

  • Squid-cache Squid 3.1.0.17

  • Squid-cache Squid 3.1.0.18

  • Squid-cache Squid 3.1.0.2

  • Squid-cache Squid 3.1.0.3

  • Squid-cache Squid 3.1.0.4

  • Squid-cache Squid 3.1.0.5

  • Squid-cache Squid 3.1.0.6

  • Squid-cache Squid 3.1.0.7

  • Squid-cache Squid 3.1.0.8

  • Squid-cache Squid 3.1.0.9

  • Squid-cache Squid 3.1.1

  • Squid-cache Squid 3.1.10

  • Squid-cache Squid 3.1.11

  • Squid-cache Squid 3.1.12

  • Squid-cache Squid 3.1.13

  • Squid-cache Squid 3.1.14

  • Squid-cache Squid 3.1.15

  • Squid-cache Squid 3.1.2

  • Squid-cache Squid 3.1.22

  • Squid-cache Squid 3.1.3

  • Squid-cache Squid 3.1.4

  • Squid-cache Squid 3.1.5

  • Squid-cache Squid 3.1.5.1

  • Squid-cache Squid 3.1.6

  • Squid-cache Squid 3.1.7

  • Squid-cache Squid 3.1.8

  • Squid-cache Squid 3.1.9

  • Squid-cache Squid 3.2.0.1

  • Squid-cache Squid 3.2.0.10

  • Squid-cache Squid 3.2.0.11

  • Squid-cache Squid 3.2.0.12

  • Squid-cache Squid 3.2.0.13

  • Squid-cache Squid 3.2.0.14

  • Squid-cache Squid 3.2.0.15

  • Squid-cache Squid 3.2.0.16

  • Squid-cache Squid 3.2.0.17

  • Squid-cache Squid 3.2.0.18

  • Squid-cache Squid 3.2.0.19

  • Squid-cache Squid 3.2.0.2

  • Squid-cache Squid 3.2.0.3

  • Squid-cache Squid 3.2.0.4

  • Squid-cache Squid 3.2.0.5

  • Squid-cache Squid 3.2.0.6

  • Squid-cache Squid 3.2.0.7

  • Squid-cache Squid 3.2.0.8

  • Squid-cache Squid 3.2.0.9

  • Squid-cache Squid 3.2.1

  • Squid-cache Squid 3.2.2

  • Squid-cache Squid 3.2.3

  • Squid-cache Squid 3.2.4


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=895972

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=887962#c9

UBUNTU - USN-1713-1

MISC - http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2012_1.patch

MISC - http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2012_1.patch

BID - 57646

SECUNIA - 52024

MLIST - [scm-commits] 20130125 [squid/f17] CVE-2013-0189: Incomplete fix for the CVE-2012-5643

CONFIRM - http://bazaar.launchpad.net/~squid/squid/3.2/revision/11744

CONFIRM - http://bazaar.launchpad.net/~squid/squid/3.2/revision/11743

DEBIAN - DSA-2631

SECUNIA - 54839

SUSE - openSUSE-SU-2013:1436

SUSE - openSUSE-SU-2013:1443

CONFIRM - https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0029

MANDRIVA - MDVSA-2013:129


Last Updated: 27 May 2016 11:01:49