Oval Definition:oval:org.mitre.oval:def:13183
Revision Date:2014-06-23Version:20
Title:DSA-2040-1 squidguard -- buffer overflow
Description:It was discovered that in squidguard, a URL redirector/filter/ACL plugin for squid, several problems in src/sgLog.c and src/sgDiv.c allow remote users to either: * cause a denial of service, by requesting long URLs containing many slashes; this forces the daemon into emergency mode, where it does not process requests anymore. * bypass rules by requesting URLs whose length is close to predefined buffer limits, in this case 2048 for squidguard and 4096 or 8192 for squid. For the stable distribution, this problem has been fixed in version 1.2.0-8.4+lenny1. For the unstable distribution, this problem has been fixed in version 1.2.0-9. We recommend that you upgrade your squidguard package.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2009-3700
CVE-2009-3826
DSA-2040-1
Platform(s):Debian GNU/Linux 5.0
Product(s):squidguard
Definition Synopsis
  • Debian GNU/Linux 5.0 is installed
  • AND Supported architectures section
  • Installed architecture is s390
  • OR Installed architecture is amd64
  • OR Installed architecture is sparc
  • OR Installed architecture is arm
  • OR Installed architecture is i386
  • OR Installed architecture is armel
  • OR Installed architecture is mips
  • OR Installed architecture is ia64
  • OR Installed architecture is alpha
  • OR Installed architecture is powerpc
  • OR Installed architecture is mipsel
  • OR Installed architecture is hppa
  • AND squidguard DPKG is earlier than 1.2.0-8.4+lenny1
    • BACK