|
|
|||
| Rule General Information |
|---|
| Release Date: | 2018-11-12 | |
| Rule Name: | Squid Proxy SNMP Query Rejection Denial of Service Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | A denial of service vulnerability has been reported in the SNMP component of Squid Proxy. The vulnerability is due to a memory leak in SNMP query rejection code. A remote attacker can exploit this vulnerability by sending a large number of SNMP queries to the target system. Affected versions: 3.2.0.10 to 3.5.28 and 4.x prior to 4.4 | |
| Impact: | An attacker can launch a denial of service attack by exploiting the vulnerability successfully. | |
| Affected OS: | Network Device, Solaris, FreeBSD, Windows, Mac OS, iOS, Other Unix, Linux, Others, Android | |
| Reference: | http://www.squid-cache.org/Advisories/SQUID-2018_5.txt https://cwe.mitre.org/data/definitions/401.html |
|
| Solutions |
|---|
| This bug is fixed by Squid version 4.4. In addition, patches addressing this problem for the stable releases can be found in our patch archives: Squid 3.5: Squid 4: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-bc9786119f058a76ddf0625424bc33d36460b9a2.patch http://www.squid-cache.org/Versions/v4/changesets/squid-4-983c5c36e5f109512ed1af38a329d0b5d0967498.patch |