ID CVE-2010-0639
Summary The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port. Per: http://cwe.mitre.org/data/definitions/476.html 'NULL Pointer Dereference'
References
Vulnerable Configurations
  • cpe:2.3:a:squid-cache:squid:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:2.2:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:2.3:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:2.4:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:2.5:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:2.6:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:2.7:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:2.7:stable4:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:2.7:stable4:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*
  • cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*
    cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 02-08-2010 - 04:00)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 38212
confirm http://www.squid-cache.org/Advisories/SQUID-2010_2.txt
fedora
  • FEDORA-2010-2434
  • FEDORA-2010-3064
misc
osvdb 62297
sectrack 1023587
secunia 38812
vupen
  • ADV-2010-0371
  • ADV-2010-0603
statements via4
contributor Tomas Hoger
lastmodified 2010-02-16
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 3, 4, or 5. Those versions are not compiled with the support for HTCP protocol.
Last major update 02-08-2010 - 04:00
Published 15-02-2010 - 18:30
Back to Top