Rapid7 Vulnerability & Exploit Database

RHSA-2001:113: New squid packages available to fix FTP-based DoS

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 12/06/2001
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

New squid packages are available that fix a potential DoS in Squid's FTP handling code. It is recommended that squid users update to the fixed packages. The packages for Red Hat Linux 6.2 also fix the problem described in RHSA-2001:097-04; it was later discovered that Red Hat Linux 6.2 is vulnerable to the same problem in accelerator-only mode.

2001-10-22: Packages are now available for Red Hat Linux 7.2.

Certain FTP requests could cause the Squid daemon to abort, making it unavailable for a period of seconds. If enough of these requests are sent in a short period of time, the Squid daemon will not be restarted. Thanks go to Vladimir Ivaschenko for bringing this to our attention, and to Henrik Nordstrom and the Squid team for providing a fix.

Solution(s)

  • redhat-upgrade-squid
