---------------------------------------------------------------------- Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/ ---------------------------------------------------------------------- TITLE: Squid HTCP Request Processing Denial of Service Vulnerability SECUNIA ADVISORY ID: SA38561 VERIFY ADVISORY: http://secunia.com/advisories/38561/ DESCRIPTION: A vulnerability has been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a NULL pointer dereference error within the processing of certain Hypertext Caching Protocol (HTCP) requests. This can be exploited to crash the service by sending specially crafted HTCP requests to an affected system. Successful exploitation requires that HTCP is enabled (disabled by default). SOLUTION: Update to version 3.0.STABLE24 or apply patch. Patch: http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch PROVIDED AND/OR DISCOVERED BY: The vendor credits Kieran Whitbread. ORIGINAL ADVISORY: http://www.squid-cache.org/Advisories/SQUID-2010_2.txt http://bugs.squid-cache.org/show_bug.cgi?id=2858 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------