FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0918

This CVE name corresponds to:

Entered Topic
2004-10-12 squid -- SNMP module denial-of-service vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2004-0918 at cve.mitre.org

Details

Type Candidate
Name CVE-2004-0918
Phase Assigned(20040927)

Description

The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.

References

Source Reference
IDEFENSE 20041011 Squid Web Proxy Cache Remote Denial of Service Vulnerability
CONFIRM http://www.squid-cache.org/Advisories/SQUID-2004_3.txt
CONFIRM http://www.squid-cache.org/Advisories/SQUID-2008_1.txt
CONECTIVA CLA-2005:923
FEDORA FLSA-2006:152809
FEDORA FEDORA-2008-6045
GENTOO GLSA-200410-15
REDHAT RHSA-2004:591
SCO SCOSA-2005.16
OPENPKG OpenPKG-SA-2004.048
SUSE SUSE-SR:2008:014
BID 11385
OVAL oval:org.mitre.oval:def:10931
VUPEN ADV-2008-1969
SECUNIA 30914
SECUNIA 30967
XF squid-snmp-asnparseheader-dos(17688)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.