ID

VAR-201109-0081


CVE

CVE-2011-3205


TITLE

Buffer overflow vulnerability in the gopherToHTML function of the Gopher reply parser

Trust: 0.8

sources: JVNDB: JVNDB-2011-004877

DESCRIPTION

Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.

Squid is a proxy server and web cache server. Squid is flawed in parsing responses from the Gopher server: if the Gopher server returns more than 4096 bytes, it can trigger a buffer overflow. The overflow corrupts memory, which generally causes Squid to crash. A malicious user must set up a fake Gopher server and have a request to it forwarded through Squid. Successful exploitation allows arbitrary code to be executed in the context of the server. Squid Proxy is prone to a remote buffer-overflow vulnerability that affects the Gopher-to-HTML functionality. Failed exploit attempts will result in a denial-of-service condition.

--------------------------------------------------------------------------
Debian Security Advisory DSA-2304-1    security@debian.org
http://www.debian.org/security/    Nico Golde
Sep 11, 2011    http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : squid3
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
Debian bug     : 639755
CVE IDs        : CVE-2011-3205

Ben Hawkes discovered that squid3, a full featured Web Proxy cache (HTTP proxy), is vulnerable to a buffer overflow when processing gopher server replies.

For the oldstable distribution (lenny), this problem has been fixed in version 3.0.STABLE8-3+lenny5.

For the stable distribution (squeeze), this problem has been fixed in version 3.1.6-1.2+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in version 3.1.15-1.

For the unstable distribution (sid), this problem has been fixed in version 3.1.15-1.

We recommend that you upgrade your squid3 packages.

=====================================================================
Red Hat Security Advisory

Synopsis:     Moderate: squid security update
Advisory ID:  RHSA-2011:1293-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1293.html
Issue date:   2011-09-14
CVE Names:    CVE-2011-3205
=====================================================================

1. Summary:

An updated squid package that fixes one security issue is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. (CVE-2011-3205)

Users of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Package List:

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/squid-3.1.10-1.el6_1.1.src.rpm

i386:
squid-3.1.10-1.el6_1.1.i686.rpm
squid-debuginfo-3.1.10-1.el6_1.1.i686.rpm

ppc64:
squid-3.1.10-1.el6_1.1.ppc64.rpm
squid-debuginfo-3.1.10-1.el6_1.1.ppc64.rpm

s390x:
squid-3.1.10-1.el6_1.1.s390x.rpm
squid-debuginfo-3.1.10-1.el6_1.1.s390x.rpm

x86_64:
squid-3.1.10-1.el6_1.1.x86_64.rpm
squid-debuginfo-3.1.10-1.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/squid-3.1.10-1.el6_1.1.src.rpm

i386:
squid-3.1.10-1.el6_1.1.i686.rpm
squid-debuginfo-3.1.10-1.el6_1.1.i686.rpm

x86_64:
squid-3.1.10-1.el6_1.1.x86_64.rpm
squid-debuginfo-3.1.10-1.el6_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3205.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

----------------------------------------------------------------------

TITLE: Squid Gopher Response Processing Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA45805

VERIFY ADVISORY:
Secunia.com http://secunia.com/advisories/45805/
Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45805

RELEASE DATE: 2011-08-30

DISCUSS ADVISORY: http://secunia.com/advisories/45805/#comments

DESCRIPTION: A vulnerability has been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

The vulnerability is caused due to a boundary error when processing Gopher responses and can be exploited to cause a buffer overflow via an overly long string.

This is related to vulnerability #2 in: SA13825

The vulnerability is reported in versions 3.0.x prior to 3.0.STABLE25 and 3.1.x prior to 3.1.14.

SOLUTION: Update to version 3.0.STABLE26 or 3.1.15.

PROVIDED AND/OR DISCOVERED BY: The vendor credits Ben Hawkes, Google Security Team.

ORIGINAL ADVISORY: http://www.squid-cache.org/Advisories/SQUID-2011_3.txt

----------------------------------------------------------------------

This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

For more information: SA45805

SOLUTION: Apply updated packages via the apt-get package manager.

----------------------------------------------------------------------
Gentoo Linux Security Advisory GLSA 201110-24
http://security.gentoo.org/
----------------------------------------------------------------------

Severity: High
Title: Squid: Multiple vulnerabilities
Date: October 26, 2011
Bugs: #279379, #279380, #301828, #334263, #381065, #386215
ID: 201110-24

Synopsis
========

Multiple vulnerabilities were found in Squid allowing attackers to execute arbitrary code or cause a Denial of Service.

Affected packages
=================

-------------------------------------------------------------------
     Package           /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
  1  net-proxy/squid      < 3.1.15       >= 3.1.15

Description
===========

Multiple vulnerabilities have been discovered in Squid. Please review the CVE identifiers referenced below for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All squid users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-proxy/squid-3.1.15"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 4, 2011. It is likely that your system is already no longer affected by this issue.

References
==========

[ 1 ] CVE-2009-2621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2621
[ 2 ] CVE-2009-2622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2622
[ 3 ] CVE-2009-2855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2855
[ 4 ] CVE-2010-0308 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0308
[ 5 ] CVE-2010-0639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0639
[ 6 ] CVE-2010-2951 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2951
[ 7 ] CVE-2010-3072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3072
[ 8 ] CVE-2011-3205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3205

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-24.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Trust: 3.15

sources: NVD: CVE-2011-3205 // JVNDB: JVNDB-2011-004877 // CNVD: CNVD-2011-3411 // BID: 49356 // PACKETSTORM: 105002 // PACKETSTORM: 105119 // PACKETSTORM: 104550 // PACKETSTORM: 104920 // PACKETSTORM: 104911 // PACKETSTORM: 107145 // PACKETSTORM: 105010 // PACKETSTORM: 106273

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2011-3411

AFFECTED PRODUCTS

vendor: squid cache, model: squid, scope: eq, version: 3.1.3

Trust: 1.9

vendor: squid cache, model: squid, scope: eq, version: 3.1.5.1

Trust: 1.9

vendor: squid cache, model: squid, scope: eq, version: 3.1.6

Trust: 1.9

vendor: squid cache, model: squid, scope: eq, version: 3.1.4

Trust: 1.9

vendor: squid cache, model: squid, scope: eq, version: 3.1.0.9

Trust: 1.9

vendor: squid cache, model: squid, scope: eq, version: 3.1.7

Trust: 1.9

vendor: squid cache, model: squid, scope: eq, version: 3.1.5

Trust: 1.9

vendor: squid cache, model: squid, scope: eq, version: 3.0.stable3

Trust: 1.6

vendor: squid cache, model: squid, scope: eq, version: 3.0.stable2

Trust: 1.6

vendor: squid cache, model: squid, scope: eq, version: 3.1.0.5

Trust: 1.6

vendor: squid cache, model: squid, scope: eq, version: 3.1.0.11

Trust: 1.3

vendor: squid cache, model: squid, scope: eq, version: 3.1.0.14

Trust: 1.3

vendor: squid cache, model: squid, scope: eq, version: 3.1.0.6

Trust: 1.3

vendor: squid cache, model: squid, scope: eq, version: 3.1.0.2

Trust: 1.3

vendor: squid cache, model: squid, scope: eq, version: 3.1.0.16

Trust: 1.3

vendor: squid cache, model: squid, scope: eq, version: 3.1.2

Trust: 1.3

vendor: squid cache, model: squid, scope: eq, version: 3.1.0.10

Trust: 1.3

vendor: squid cache, model: squid, scope: eq, version: 3.1.1

Trust: 1.3

vendor: squid cache, model: squid, scope: eq, version: 3.1.0.17

Trust: 1.3

vendor: squid cache, model: squid, scope: eq, version: 3.1.0.18

Trust: 1.3

vendor: squid cache, model: squid, scope: eq, version: 3.1.0.1

Trust: 1.3

vendor: squid cache, model: squid, scope: eq, version: 3.1.0.12

Trust: 1.3

vendor: squid cache, model: squid, scope: eq, version: 3.1

Trust: 1.3

vendor: squid cache, model: squid, scope: eq, version: 3.1.0.13

Trust: 1.3

vendor: squid cache, model: squid, scope: eq, version: 3.1.0.3

Trust: 1.3

vendor: squid cache, model: squid, scope: eq, version: 3.1.0.8

Trust: 1.3

vendor: squid cache, model: squid, scope: eq, version: 3.1.0.7

Trust: 1.3

vendor: squid cache, model: squid, scope: eq, version: 3.1.15

Trust: 1.1

vendor: squid cache, model: squid, scope: eq, version: 3.2.0.4

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.2.0.9

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.0.stable9

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.0.stable15

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.0.stable6

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.1.8

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.1.12

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.0.stable7

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.0.stable4

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.2.0.7

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.0.stable14

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.0.stable22

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.0.stable23

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.2.0.3

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.1.13

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.2.0.1

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.1.9

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.0.stable11

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.1.11

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.0.stable8

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.0.stable10

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.1.0.15

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.2.0.5

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.0.stable13

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.0.stable21

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.0.stable20

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.2.0.6

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.0.stable19

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.1.14

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.0.stable24

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.1.10

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.2.0.2

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.2.0.10

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.0.stable16

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.2.0.8

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.0.stable1

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.0.stable5

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.0.stable18

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.0.stable12

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.1.0.4

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.0.stable17

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.0.stable25

Trust: 1.0

vendor: squid cache, model: squid, scope: eq, version: 3.2.0.11

Trust: 0.8

vendor: squid cache, model: squid, scope: lt, version: 3.1

Trust: 0.8

vendor: squid cache, model: squid, scope: lt, version: 3.0

Trust: 0.8

vendor: squid cache, model: squid, scope: lt, version: 3.2

Trust: 0.8

vendor: squid cache, model: squid, scope: eq, version: 3.0.stable26

Trust: 0.8

vendor: squid, model: squid, scope: eq, version: 3.x

Trust: 0.6

vendor: squid, model: web proxy, scope: eq, version: 3.1.13

Trust: 0.3

vendor: squid cache, model: 3.0.stable25, scope: -, version: -

Trust: 0.3

vendor: squid cache, model: 3.0.stable18, scope: -, version: -

Trust: 0.3

vendor: squid cache, model: 3.0.stable21, scope: -, version: -

Trust: 0.3

vendor: squid, model: web proxy, scope: eq, version: 3.1.14

Trust: 0.3

vendor: squid cache, model: 3.0.stable8, scope: -, version: -

Trust: 0.3

vendor: squid, model: web proxy 3.0.stable26, scope: -, version: -

Trust: 0.3

vendor: squid cache, model: 3.0.stable22, scope: -, version: -

Trust: 0.3

vendor: squid cache, model: 3.0.stable7, scope: -, version: -

Trust: 0.3

vendor: squid cache, model: 3.0.stable13, scope: -, version: -

Trust: 0.3

vendor: squid, model: web proxy cache, scope: eq, version: 3.2.0.10

Trust: 0.3

vendor: squid cache, model: 3.0.stable6, scope: -, version: -

Trust: 0.3

vendor: debian, model: linux arm, scope: eq, version: 6.0

Trust: 0.3

vendor: squid cache, model: 3.0.stable23, scope: -, version: -

Trust: 0.3

vendor: squid cache, model: 3.0.stable15, scope: -, version: -

Trust: 0.3

vendor: squid cache, model: 3.0.stable16 rc1, scope: -, version: -

Trust: 0.3

vendor: squid cache, model: 3.0.stable20, scope: -, version: -

Trust: 0.3

vendor: debian, model: linux s/390, scope: eq, version: 6.0

Trust: 0.3

vendor: squid, model: web proxy cache, scope: ne, version: 3.2.0.11

Trust: 0.3

vendor: debian, model: linux ia-64, scope: eq, version: 6.0

Trust: 0.3

vendor: squid, model: web proxy, scope: eq, version: 3.0

Trust: 0.3

vendor: squid cache, model: 3.0.stable5, scope: -, version: -

Trust: 0.3

vendor: gentoo, model: linux, scope: -, version: -

Trust: 0.3

vendor: squid cache, model: 3.0.stable4, scope: -, version: -

Trust: 0.3

vendor: redhat, model: enterprise linux server, scope: eq, version: 6

Trust: 0.3

vendor: squid cache, model: 3.0.stable3, scope: -, version: -

Trust: 0.3

vendor: squid cache, model: 3.0.stable12, scope: -, version: -

Trust: 0.3

vendor: debian, model: linux amd64, scope: eq, version: 6.0

Trust: 0.3

vendor: squid cache, model: 3.0.stable2, scope: -, version: -

Trust: 0.3

vendor: squid cache, model: 3.0.stable17, scope: -, version: -

Trust: 0.3

vendor: debian, model: linux sparc, scope: eq, version: 6.0

Trust: 0.3

vendor: debian, model: linux powerpc, scope: eq, version: 6.0

Trust: 0.3

vendor: squid, model: web proxy, scope: ne, version: 3.1.15

Trust: 0.3

vendor: squid cache, model: 3.0.stable1, scope: -, version: -

Trust: 0.3

vendor: squid cache, model: 3.0.stable11, scope: -, version: -

Trust: 0.3

vendor: squid cache, model: 3.0.stable24, scope: -, version: -

Trust: 0.3

vendor: squid, model: web proxy, scope: eq, version: 3.1

Trust: 0.3

vendor: squid cache, model: 3.0.stable11 rc1, scope: -, version: -

Trust: 0.3

vendor: squid cache, model: 3.0.stable9, scope: -, version: -

Trust: 0.3

vendor: squid cache, model: 3.0.stable14, scope: -, version: -

Trust: 0.3

vendor: squid, model: web proxy cache, scope: eq, version: 3.2.0.2

Trust: 0.3

vendor: redhat, model: enterprise linux workstation, scope: eq, version: 6

Trust: 0.3

vendor: squid, model: web proxy cache, scope: eq, version: 3.2.0.1

Trust: 0.3

vendor: squid cache, model: 3.0.stable19, scope: -, version: -

Trust: 0.3

vendor: sun, model: solaris, scope: eq, version: 11

Trust: 0.3

vendor: squid cache, model: 3.0.stable10, scope: -, version: -

Trust: 0.3

vendor: debian, model: linux mips, scope: eq, version: 6.0

Trust: 0.3

vendor: debian, model: linux ia-32, scope: eq, version: 6.0

Trust: 0.3

vendor: squid, model: web proxy 3.0.stable25, scope: -, version: -

Trust: 0.3

vendor: squid cache, model: 3.0.stable16, scope: -, version: -

Trust: 0.3

sources: CNVD: CNVD-2011-3411 // BID: 49356 // JVNDB: JVNDB-2011-004877 // CNNVD: CNNVD-201109-051 // NVD: CVE-2011-3205

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-3205
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-3205
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201109-051
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2011-3205
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2011-004877 // CNNVD: CNNVD-201109-051 // NVD: CVE-2011-3205

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-DesignError

Trust: 0.8

sources: JVNDB: JVNDB-2011-004877 // NVD: CVE-2011-3205

THREAT TYPE

remote

Trust: 1.3

sources: PACKETSTORM: 105119 // CNNVD: CNNVD-201108-512 // CNNVD: CNNVD-201109-051

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201108-512

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-004877

PATCH

title: Buffer Overflow vulnerability in Squid, url: https://blogs.oracle.com/sunsecurity/entry/cve_2011_3205_buffer_overflow

Trust: 0.8

title: SQUID-2011:3, url: http://www.squid-cache.org/Advisories/SQUID-2011_3.txt

Trust: 0.8

title: Squid Gopher Answers Patch for Handling Buffer Overflow Vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/4943

Trust: 0.6

title: Squid Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=234527

Trust: 0.6

sources: CNVD: CNVD-2011-3411 // JVNDB: JVNDB-2011-004877 // CNNVD: CNNVD-201109-051

EXTERNAL IDS

db: NVD, id: CVE-2011-3205

Trust: 3.0

db: BID, id: 49356

Trust: 2.5

db: SECUNIA, id: 45805

Trust: 2.3

db: SECUNIA, id: 45920

Trust: 1.7

db: SECUNIA, id: 45906

Trust: 1.7

db: SECUNIA, id: 46029

Trust: 1.7

db: SECUNIA, id: 45965

Trust: 1.7

db: SECTRACK, id: 1025981

Trust: 1.6

db: OPENWALL, id: OSS-SECURITY/2011/08/29/2

Trust: 1.6

db: OPENWALL, id: OSS-SECURITY/2011/08/30/8

Trust: 1.6

db: OPENWALL, id: OSS-SECURITY/2011/08/30/4

Trust: 1.6

db: OSVDB, id: 74847

Trust: 1.6

db: JVNDB, id: JVNDB-2011-004877

Trust: 0.8

db: CNVD, id: CNVD-2011-3411

Trust: 0.6

db: CNNVD, id: CNNVD-201108-512

Trust: 0.6

db: CNNVD, id: CNNVD-201109-051

Trust: 0.6

db: PACKETSTORM, id: 105002

Trust: 0.1

db: PACKETSTORM, id: 105119

Trust: 0.1

db: PACKETSTORM, id: 104550

Trust: 0.1

db: PACKETSTORM, id: 104920

Trust: 0.1

db: PACKETSTORM, id: 104911

Trust: 0.1

db: PACKETSTORM, id: 107145

Trust: 0.1

db: PACKETSTORM, id: 105010

Trust: 0.1

db: PACKETSTORM, id: 106273

Trust: 0.1

sources: CNVD: CNVD-2011-3411 // BID: 49356 // JVNDB: JVNDB-2011-004877 // PACKETSTORM: 105002 // PACKETSTORM: 105119 // PACKETSTORM: 104550 // PACKETSTORM: 104920 // PACKETSTORM: 104911 // PACKETSTORM: 107145 // PACKETSTORM: 105010 // PACKETSTORM: 106273 // CNNVD: CNNVD-201108-512 // CNNVD: CNNVD-201109-051 // NVD: CVE-2011-3205

REFERENCES

url:http://www.securityfocus.com/bid/49356

Trust: 2.2

url:http://www.squid-cache.org/advisories/squid-2011_3.txt

Trust: 2.0

url:http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html

Trust: 1.7

url:http://lists.fedoraproject.org/pipermail/package-announce/2011-september/065534.html

Trust: 1.7

url:http://www.debian.org/security/2011/dsa-2304

Trust: 1.7

url:http://secunia.com/advisories/46029

Trust: 1.6

url:http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html

Trust: 1.6

url:http://openwall.com/lists/oss-security/2011/08/30/8

Trust: 1.6

url:https://bugzilla.redhat.com/show_bug.cgi?id=734583

Trust: 1.6

url:http://www.squid-cache.org/versions/v3/3.0/changesets/squid-3.0-9193.patch

Trust: 1.6

url:http://secunia.com/advisories/45920

Trust: 1.6

url:http://www.squid-cache.org/versions/v3/3.2/changesets/squid-3.2-11294.patch

Trust: 1.6

url:http://www.mandriva.com/security/advisories?name=mdvsa-2011:150

Trust: 1.6

url:http://secunia.com/advisories/45965

Trust: 1.6

url:http://secunia.com/advisories/45805

Trust: 1.6

url:http://secunia.com/advisories/45906

Trust: 1.6

url:http://openwall.com/lists/oss-security/2011/08/30/4

Trust: 1.6

url:http://www.squid-cache.org/versions/v2/2.head/changesets/12710.patch

Trust: 1.6

url:http://www.squid-cache.org/versions/v3/3.1/changesets/squid-3.1-10363.patch

Trust: 1.6

url:http://openwall.com/lists/oss-security/2011/08/29/2

Trust: 1.6

url:http://securitytracker.com/id?1025981

Trust: 1.6

url:http://www.redhat.com/support/errata/rhsa-2011-1293.html

Trust: 1.6

url:http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html

Trust: 1.6

url:http://www.osvdb.org/74847

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3205

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3205

Trust: 0.8

url:http://secunia.com/advisories/45805/http

Trust: 0.6

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.5

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.5

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.5

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.5

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.5

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.5

url:http://blogs.oracle.com/sunsecurity/entry/cve_2011_3205_buffer_overflow

Trust: 0.3

url:http://www.squid-cache.org/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-3205

Trust: 0.3

url:http://secunia.com/blog/242

Trust: 0.3

url:https://rhn.redhat.com/errata/rhsa-2011-1293.html

Trust: 0.2

url:http://secunia.com/

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:http://www.debian.org/security/

Trust: 0.1

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-3205.html

Trust: 0.1

url:https://access.redhat.com/kb/docs/doc-11259

Trust: 0.1

url:https://access.redhat.com/security/team/key/#package

Trust: 0.1

url:http://bugzilla.redhat.com/):

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:http://secunia.com/advisories/45805/#comments

Trust: 0.1

url:http://secunia.com/advisories/45805/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=45805

Trust: 0.1

url:http://secunia.com/advisories/45920/

Trust: 0.1

url:http://secunia.com/advisories/45920/#comments

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=45920

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=45906

Trust: 0.1

url:http://secunia.com/advisories/45906/#comments

Trust: 0.1

url:http://secunia.com/advisories/45906/

Trust: 0.1

url:http://secunia.com/company/jobs/

Trust: 0.1

url:http://secunia.com/advisories/46029/

Trust: 0.1

url:http://secunia.com/advisories/46029/#comments

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=46029

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/trial/

Trust: 0.1

url:http://secunia.com/advisories/45965/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=45965

Trust: 0.1

url:http://secunia.com/advisories/45965/#comments

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0308

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2951

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0308

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0639

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3205

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-2951

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3072

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-2855

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-201110-24.xml

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2621

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2855

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-2622

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-2621

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0639

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2622

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3072

Trust: 0.1

sources: CNVD: CNVD-2011-3411 // BID: 49356 // JVNDB: JVNDB-2011-004877 // PACKETSTORM: 105002 // PACKETSTORM: 105119 // PACKETSTORM: 104550 // PACKETSTORM: 104920 // PACKETSTORM: 104911 // PACKETSTORM: 107145 // PACKETSTORM: 105010 // PACKETSTORM: 106273 // CNNVD: CNNVD-201108-512 // CNNVD: CNNVD-201109-051 // NVD: CVE-2011-3205

CREDITS

Secunia

Trust: 0.5

sources: PACKETSTORM: 104550 // PACKETSTORM: 104920 // PACKETSTORM: 104911 // PACKETSTORM: 107145 // PACKETSTORM: 105010

SOURCES

db: CNVD, id: CNVD-2011-3411
db: BID, id: 49356
db: JVNDB, id: JVNDB-2011-004877
db: PACKETSTORM, id: 105002
db: PACKETSTORM, id: 105119
db: PACKETSTORM, id: 104550
db: PACKETSTORM, id: 104920
db: PACKETSTORM, id: 104911
db: PACKETSTORM, id: 107145
db: PACKETSTORM, id: 105010
db: PACKETSTORM, id: 106273
db: CNNVD, id: CNNVD-201108-512
db: CNNVD, id: CNNVD-201109-051
db: NVD, id: CVE-2011-3205

LAST UPDATE DATE

2024-09-17T23:06:03.918000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2011-3411, date: 2011-08-30T00:00:00
db: BID, id: 49356, date: 2015-05-07T17:11:00
db: JVNDB, id: JVNDB-2011-004877, date: 2012-04-18T00:00:00
db: CNNVD, id: CNNVD-201108-512, date: 2011-08-31T00:00:00
db: CNNVD, id: CNNVD-201109-051, date: 2023-04-23T00:00:00
db: NVD, id: CVE-2011-3205, date: 2023-11-07T02:08:27.883

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2011-3411, date: 2011-08-30T00:00:00
db: BID, id: 49356, date: 2011-08-29T00:00:00
db: JVNDB, id: JVNDB-2011-004877, date: 2012-03-27T00:00:00
db: PACKETSTORM, id: 105002, date: 2011-09-12T14:44:49
db: PACKETSTORM, id: 105119, date: 2011-09-14T22:52:18
db: PACKETSTORM, id: 104550, date: 2011-08-29T05:10:22
db: PACKETSTORM, id: 104920, date: 2011-09-08T08:14:56
db: PACKETSTORM, id: 104911, date: 2011-09-08T08:14:29
db: PACKETSTORM, id: 107145, date: 2011-11-19T11:11:14
db: PACKETSTORM, id: 105010, date: 2011-09-13T05:45:01
db: PACKETSTORM, id: 106273, date: 2011-10-26T23:33:14
db: CNNVD, id: CNNVD-201108-512, date: 1900-01-01T00:00:00
db: CNNVD, id: CNNVD-201109-051, date: 2011-09-07T00:00:00
db: NVD, id: CVE-2011-3205, date: 2011-09-06T15:55:08.383