CVE-2009-0478: Input Validation
First published: Thu Feb 05 2009(Updated: )
A denial of service flaw was found in the way squid handles certain client initiated requests. A client who can connect to the squid server could leverage this flaw to cause the squid child process to terminate. This would prevent anyone from using the squid server until the process automatically restarts.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Squid Web Proxy Cache | =3.0.stable8 | |
| Squid Web Proxy Cache | =3.0.stable9 | |
| Squid Web Proxy Cache | =3.1.0.2 | |
| Squid Web Proxy Cache | =2.7.stable3 | |
| Squid Web Proxy Cache | =3.0.stable3 | |
| Squid Web Proxy Cache | =3.1 | |
| Squid Web Proxy Cache | =3.0.stable1 | |
| Squid Web Proxy Cache | =3.0.stable10 | |
| Squid Web Proxy Cache | =3.0.stable12 | |
| Squid Web Proxy Cache | =2.7.stable4 | |
| Squid Web Proxy Cache | =3.0.stable7 | |
| Squid Web Proxy Cache | =2.7.stable5 | |
| Squid Web Proxy Cache | =3.0.stable6 | |
| Squid Web Proxy Cache | =2.7.stable2 | |
| Squid Web Proxy Cache | =3.1.0.1 | |
| Squid Web Proxy Cache | =3.0.stable2 | |
| Squid Web Proxy Cache | =3.0.stable4 | |
| Squid Web Proxy Cache | =3.0.stable11 | |
| Squid Web Proxy Cache | =2.7.stable1 | |
| Squid Web Proxy Cache | =3.0.stable5 | |
| Squid Web Proxy Cache | =3.1.0.3 | |
| Squid Web Proxy Cache | =3.1.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://admin.fedoraproject.org/updates/squid-3.0.STABLE13-1.fc10
- https://admin.fedoraproject.org/updates/squid-3.0.STABLE13-1.fc9
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0478
- https://admin.fedoraproject.org/updates/F10/FEDORA-2009-1526
- https://admin.fedoraproject.org/updates/F9/FEDORA-2009-1517
- https://bugzilla.redhat.com/show_bug.cgi?id=484246
- http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch
- http://www.squid-cache.org/Advisories/SQUID-2009_1.txt
- http://www.securityfocus.com/bid/33604
- http://www.securitytracker.com/id?1021684
- http://secunia.com/advisories/33731
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:034
- http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html
- http://security.gentoo.org/glsa/glsa-200903-38.xml
- http://secunia.com/advisories/34467
- https://www.exploit-db.com/exploits/8021
- http://www.securityfocus.com/archive/1/500653/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2009-0478?
CVE-2009-0478 is classified as a denial of service vulnerability.
How do I fix CVE-2009-0478?
To fix CVE-2009-0478, upgrade to a patched version of Squid, specifically updates beyond 3.0.STABLE13.
Which versions of Squid are affected by CVE-2009-0478?
CVE-2009-0478 affects Squid versions 2.7.stable1 through 2.7.stable5 and 3.0.stable1 through 3.0.stable12.
Can CVE-2009-0478 allow remote users to crash the Squid server?
Yes, CVE-2009-0478 allows remote users to crash the Squid server through specially crafted requests.
What type of applications are impacted by CVE-2009-0478?
CVE-2009-0478 impacts applications using Squid as a proxy, potentially leading to service interruption.
- collector/redhat-bugzilla
- alias/CVE-2009-0478
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/squid
- canonical/squid web proxy cache
- version/squid web proxy cache/3.0.stable8
- version/squid web proxy cache/3.0.stable9
- version/squid web proxy cache/3.1.0.2
- version/squid web proxy cache/2.7.stable3
- version/squid web proxy cache/3.0.stable3
- version/squid web proxy cache/3.1
- version/squid web proxy cache/3.0.stable1
- version/squid web proxy cache/3.0.stable10
- version/squid web proxy cache/3.0.stable12
- version/squid web proxy cache/2.7.stable4
- version/squid web proxy cache/3.0.stable7
- version/squid web proxy cache/2.7.stable5
- version/squid web proxy cache/3.0.stable6
- version/squid web proxy cache/2.7.stable2
- version/squid web proxy cache/3.1.0.1
- version/squid web proxy cache/3.0.stable2
- version/squid web proxy cache/3.0.stable4
- version/squid web proxy cache/3.0.stable11
- version/squid web proxy cache/2.7.stable1
- version/squid web proxy cache/3.0.stable5
- version/squid web proxy cache/3.1.0.3
- version/squid web proxy cache/3.1.0.4