Vigil@nce - Squid: multiple vulnerabilities
November 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of Squid.
Impacted products: Squid
Severity: 1/4
Creation date: 04/11/2014
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Squid.
An attacker can create a memory leak in by issuing requests from
client machines which do not have reachable ident server, in order
to trigger a denial of service. [severity:1/4]
An attacker who controls an auxiliary program (know of Squid as an
external_acl_type helper), can disable cache for its responses,
and so create a memory leak, in order to trigger a denial of
service. [severity:1/4]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Squid-multiple-vulnerabilities-15582