ALAS-2016-735

Metadata

high
7.5
squid
CVE-2016-4051, CVE-2016-5408
2016-08-17
2018-02-09 01:04
ALAS-2016-713
CVE-2016-5408 squid3
CVE-2016-4051 squid3
CVE-2016-4051 squid
CVE-2016-4051
CVE-2016-5408
2018-01-19 03:04
2017-06-16 19:19
2017-04-01 21:43
2017-01-05 20:03

Description

A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. (CVE-2016-4051)

It was found that the fix for CVE-2016-4051 did not properly prevent the stack overflow in the munge_other_line() function. A remote attacker could send specially crafted data to the Squid proxy, which would exploit the cachemgr CGI utility, possibly triggering execution of arbitrary code. (CVE-2016-5408)

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unreleased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continuously monitors your installed packages, and tells you if any of them are vulnerable.


Affected package information

Package Patched in
squid squid-3.1.23-16.22.amzn1.i686
squid squid-3.1.23-16.22.amzn1.src
squid squid-3.1.23-16.22.amzn1.x86_64
squid-debuginfo squid-debuginfo-3.1.23-16.22.amzn1.i686
squid-debuginfo squid-debuginfo-3.1.23-16.22.amzn1.x86_64
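
The check against the table above can be scripted. The following is an added example, not part of the original advisory or of Appcanary's tooling: it compares an installed squid VERSION-RELEASE string against the patched build listed above using RPM's segment-wise ordering. The function names are hypothetical, and because the table gives no epoch, only version and release are compared.

```python
import re

# Patched VERSION-RELEASE taken from the advisory's table (squid, amzn1).
PATCHED_VR = "3.1.23-16.22.amzn1"

# RPM compares runs of digits and runs of letters; separators are ignored.
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two RPM version or release strings; returns -1, 0 or 1.

    Numeric segments compare as integers, alphabetic ones as strings, and
    a numeric segment is newer than an alphabetic one. Tilde and caret
    ordering are not handled here.
    """
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)
            if xi != yi:
                return 1 if xi > yi else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the string with segments left is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def compare_vr(installed: str, patched: str = PATCHED_VR) -> int:
    """Compare 'VERSION-RELEASE' strings: version first, then release."""
    iv, ir = installed.rsplit("-", 1)
    pv, pr = patched.rsplit("-", 1)
    return rpmvercmp(iv, pv) or rpmvercmp(ir, pr)


def is_patched(installed: str) -> bool:
    """True when the installed build is at or above the patched build."""
    return compare_vr(installed) >= 0


if __name__ == "__main__":
    # Constructed sample values, in the form printed by:
    #   rpm -q --qf '%{VERSION}-%{RELEASE}\n' squid
    for vr in ("3.1.23-16.9.amzn1", "3.1.23-16.21.amzn1",
               "3.1.23-16.22.amzn1", "3.5.20-1.amzn1"):
        print(vr, "patched" if is_patched(vr) else "VULNERABLE")
```

A plain string comparison would rank release 16.9 above 16.22; the segment-wise comparison treats 9 and 22 as integers and flags 16.9 as older than the patched build.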