Rapid7 Vulnerability & Exploit Database

RHSA-2011:1293: squid security update

Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published: 09/06/2011
Created: 07/25/2018
Added: 09/20/2011
Modified: 07/04/2017

Description

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

A buffer overflow flaw was found in the way Squid parsed replies from remote Gopher servers. A remote user allowed to send Gopher requests to a Squid proxy could possibly use this flaw to cause the squid child process to crash or execute arbitrary code with the privileges of the squid user, by making Squid perform a request to an attacker-controlled Gopher server. (CVE-2011-3205)

Users of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically.

Solution(s)

  • redhat-upgrade-squid
  • redhat-upgrade-squid-debuginfo
