Upstream information
Description
Multiple buffer overflows in squidGuard 1.4 allow remote attackers to bypass intended URL blocking via a long URL, related to (1) the relationship between a certain buffer size in squidGuard and a certain buffer size in Squid and (2) a redirect URL that contains information about the originally requested URL.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
National Vulnerability Database | |
---|---|
Base Score | 5 |
Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Access Vector | Network |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | None |
Availability Impact | Partial |
SUSE Security Advisories:
- SUSE-SR:2010:014, published Mon, 02 Aug 2010 15:00:00 +0000
- SUSE-SR:2010:015, published Tue, 17 Aug 2010 10:00:00 +0000 openSUSE-SU-2010:0460-1
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Linux Enterprise High Performance Computing 12 SP5 |
| Patchnames: SUSE Linux Enterprise High Performance Computing 12 SP5 GA squidGuard-1.4-30.6.1 |
SUSE Linux Enterprise Server 11 SP2 |
| Patchnames: SUSE Linux Enterprise Server 11 SP2 GA squidGuard-1.4-13.6.1 |
SUSE Linux Enterprise Server 11 SP3 |
| Patchnames: SUSE Linux Enterprise Server 11 SP3 GA squidGuard-1.4-13.6.1 |
SUSE Linux Enterprise Server 11 SP4 |
| Patchnames: SUSE Linux Enterprise Server 11 SP4 GA squidGuard-1.4-13.6.1 |
SUSE Linux Enterprise Server 12 SP1 |
| Patchnames: SUSE Linux Enterprise Server 12 SP1 GA squidGuard-1.4-23.1 |
SUSE Linux Enterprise Server 12 SP2 |
| Patchnames: SUSE Linux Enterprise Server 12 SP2 GA squidGuard-1.4-23.1 |
SUSE Linux Enterprise Server 12 SP3 |
| Patchnames: SUSE Linux Enterprise Server 12 SP3 GA squidGuard-1.4-29.1 |
SUSE Linux Enterprise Server 12 SP4 |
| Patchnames: SUSE Linux Enterprise Server 12 SP4 GA squidGuard-1.4-30.6.1 |
SUSE Linux Enterprise Server 12 SP5 |
| Patchnames: SUSE Linux Enterprise Server 12 SP5 GA squidGuard-1.4-30.6.1 |
SUSE Linux Enterprise Server 12 |
| Patchnames: SUSE Linux Enterprise Server 12 GA squidGuard-1.4-23.1 |
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 |
| Patchnames: SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA squidGuard-1.4-23.1 |
openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2024-10562 |
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 07:28:15 2013CVE page last modified: Sat Jun 15 20:59:10 2024