CVE-2014-6270

Published: 12 September 2014

Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.

Priority

Status

Package	Release	Status
squid3 Launchpad, Ubuntu, Debian	lucid	Ignored (end of life)
	precise	Released (3.1.19-1ubuntu3.12.04.6)
	upstream	Released (3.4.8-1)
	trusty	Released (3.3.8-1ubuntu6.6)
	utopic	Ignored (end of life)
	vivid	Ignored (end of life)
	wily	Released (3.3.8-1ubuntu16.2)
	Patches: other: https://bugzilla.novell.com/show_bug.cgi?id=895773 upstream: http://bazaar.launchpad.net/~squid/squid/trunk/revision/13574 upstream: http://bazaar.launchpad.net/~squid/squid/trunk/revision/13582 upstream: http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12682.patch (3.3) upstream: http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10489.patch (3.1)

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›