Public bug reported: Description The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.
References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0639 http://www.squid-cache.org/Advisories/SQUID-2010_2.txt http://www.ubuntu.com/usn/usn-904-1 patch: http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch ** Affects: squid3 (Ubuntu) Importance: Undecided Assignee: Mahyuddin Susanto (udienz) Status: In Progress ** Changed in: squid3 (Ubuntu) Status: New => In Progress ** Changed in: squid3 (Ubuntu) Assignee: (unassigned) => Mahyuddin Susanto (udienz) ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2010-0639 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to squid3 in Ubuntu. https://bugs.launchpad.net/bugs/907687 Title: CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/907687/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
