FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-6239

This CVE name corresponds to:

Entered Topic
2007-12-04 Squid -- Denial of Service Vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2007-6239
Phase Assigned (20071204)

Description

The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.

References

Source Reference
CONFIRM http://www.squid-cache.org/Advisories/SQUID-2007_2.txt
CONFIRM http://www.squid-cache.org/Versions/v2/2.6/changesets/11780.patch
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=410181
CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=201209
DEBIAN DSA-1482
FEDORA FEDORA-2007-4161
FEDORA FEDORA-2007-4170
GENTOO GLSA-200801-05
GENTOO GLSA-200903-38
MANDRIVA MDVSA-2008:002
REDHAT RHSA-2007:1130
SUSE SUSE-SR:2008:001
UBUNTU USN-565-1
CERT-VN VU#232881
BID 26687
OVAL oval:org.mitre.oval:def:10915
SECUNIA 34467
VUPEN ADV-2007-4066
SECTRACK 1019036
SECUNIA 27910
SECUNIA 28091
SECUNIA 28109
SECUNIA 28350
SECUNIA 28381
SECUNIA 28403
SECUNIA 28412
SECUNIA 28814