Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.800965 |
Category: | Buffer overflow |
Title: | SquidGuard Multiple Buffer Overflow Vulnerabilities |
Summary: | The host is installed with SquidGuard and is prone to multiple; Buffer Overflow vulnerabilities. |
Description: | Summary: The host is installed with SquidGuard and is prone to multiple Buffer Overflow vulnerabilities. Vulnerability Insight: - A boundary error occurs in 'sgLog.c' while handling overly long URLs with multiple '/' characters while operating in the emergency mode. - Multiple buffer overflow errors occur in 'sg.h.in' and 'sgDiv.c.in' while processing overly long URLs and can be exploited to bypass the URL filter. Vulnerability Impact: Remote attackers can exploit this issue to bypass the filter security and to cause Denial of Service due to application hang. Affected Software/OS: SquidGuard version 1.3 and 1.4 Solution: Apply the referenced patches. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
Cross-Ref: |
BugTraq ID: 36800 Common Vulnerability Exposure (CVE) ID: CVE-2009-3826 http://www.securityfocus.com/bid/36800 Bugtraq: 20091026 squidGuard 1.3 & 1.4 : buffer overflow (Google Search) http://www.securityfocus.com/archive/1/507440/100/0/threaded Debian Security Information: DSA-2040 (Google Search) http://www.debian.org/security/2010/dsa-2040 http://www.osvdb.org/59164 http://securitytracker.com/id?1023079 http://secunia.com/advisories/37107 http://secunia.com/advisories/39679 SuSE Security Announcement: SUSE-SR:2010:014 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://www.vupen.com/english/advisories/2009/3013 http://www.vupen.com/english/advisories/2010/1043 XForce ISS Database: squidguard-url-security-bypass(53922) https://exchange.xforce.ibmcloud.com/vulnerabilities/53922 Common Vulnerability Exposure (CVE) ID: CVE-2009-3700 http://www.osvdb.org/59163 XForce ISS Database: squidguard-sglog-security-bypass(53921) https://exchange.xforce.ibmcloud.com/vulnerabilities/53921 |
Copyright | Copyright (C) 2009 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |