CVE-2010-0639
Published: 15 February 2010
The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.
Notes
Author | Note |
---|---|
mdeslaur | code not present in dapper (It's actually the htcpHandleClr function that is being patched here) |
Priority
Status
Package | Release | Status |
---|---|---|
squid (Launchpad, Ubuntu, Debian) | dapper | Not vulnerable (2.5.12-4ubuntu2.5) |
squid | hardy | Released (2.6.18-1ubuntu3.2) |
squid | intrepid | Released (2.7.STABLE3-1ubuntu2.3) |
squid | jaunty | Released (2.7.STABLE3-4.1ubuntu1.2) |
squid | karmic | Released (2.7.STABLE6-2ubuntu2.2) |
squid | lucid | Released (2.7.STABLE7-1ubuntu6) |
squid | maverick | Released (2.7.STABLE7-1ubuntu6) |
squid | natty | Released (2.7.STABLE7-1ubuntu6) |
squid | oneiric | Released (2.7.STABLE7-1ubuntu6) |
squid | upstream | Needs triage |
squid | Patches | upstream: http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch |
squid3 (Launchpad, Ubuntu, Debian) | dapper | Does not exist |
squid3 | hardy | Ignored (end of life) |
squid3 | intrepid | Ignored (end of life, was needed) |
squid3 | jaunty | Ignored (end of life) |
squid3 | karmic | Ignored (end of life) |
squid3 | lucid | Released (3.0.STABLE19-1ubuntu0.2) |
squid3 | maverick | Not vulnerable (3.1.5-2) |
squid3 | natty | Not vulnerable (3.1.5-2) |
squid3 | oneiric | Not vulnerable (3.1.5-2) |
squid3 | upstream | Released (3.0.STABLE24) |
squid3 | Patches | upstream: http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch |