INFORMATION

Name : MDVSA-2010:033
First Publication : 2010-02-05
Vendor :
Last Modification : 2010-02-05
Revision : N/A
Severity (Vendor) : N/A

SECURITY-DATABASE SCORING CVSS v2

Cvss Base Score : 4
Cvss Impact Score : 2.9
Cvss Exploit Score : 8
Attack Range : Network
Attack Complexity : Low
Authentication : Requires single instance

DETAIL

Problem Description:

A vulnerability has been discovered and corrected in Squid 2.x,
3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15, which allows
remote attackers to cause a denial of service (assertion failure)
via a crafted DNS packet that only contains a header (CVE-2010-0308).

This update provides a fix to this vulnerability.



ORIGINAL SOURCES

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2010:033


CWE COMMON WEAKNESS ENUMERATION

CWE-20 - Improper Input Validation


OVAL ID

oval:org.mitre.oval:def:11270, lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.

oval:org.mitre.oval:def:11414, The operating system installed on the system is Red Hat Enterprise Linux 5


CPE COMMON PLATFORM ENUMERATION


OPEN SOURCE VULNERABILITY DATABASE (OSVDB)

62044 : Squid lib/rfc1035.c Header-only DNS Packet Handling Remote DoS.


INTERNAL SOURCES (Detail)

CVSS v2
Name : CVE-2010-0308
Severity : Medium (Medium)
Base Score : 4
Impact Score : 2.9
Exploit Score : 8
Attack Range : Network
Attack Complexity : Low
Auth : Requires single instance