5 - MDVSA-2008:134

Executive Summary

Summary
Title	Updated squid packages fix DoS vulnerability

Informations
Name	MDVSA-2008:134	First vendor Publication	2008-07-04
Vendor	Mandriva	Last vendor Modification	2008-07-04
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

An incorrect fix for CVE-2007-6239 resulted in Squid not performing proper bounds checking when processing cache update replies. Because of this, a remote authenticated user might have been able to trigger an assertion error and cause a denial of service (CVE-2008-1612).

The updated packages have been patched to correct this issue.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2008:134

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10915

Oval ID:	oval:org.mitre.oval:def:10915
Title:	The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.
Description:	The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-6239	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND squid is earlier than 7:2.5.STABLE3-8.3E OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND squid is earlier than 7:2.5.STABLE14-1.4E.el4_6.1 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND squid is earlier than 7:2.6.STABLE6-5.el5_1.2

Definition Id: oval:org.mitre.oval:def:11376

Oval ID:	oval:org.mitre.oval:def:11376
Title:	The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239.
Description:	The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-1612	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND squid is earlier than 0:2.5.STABLE3-9.3E OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND squid is earlier than 0:2.5.STABLE14-1.4E.el4_6.2 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND squid is earlier than 0:2.6.STABLE6-5.el5_1.3

Definition Id: oval:org.mitre.oval:def:17664

Oval ID:	oval:org.mitre.oval:def:17664
Title:	USN-601-1 -- squid vulnerability
Description:	It was discovered that Squid did not perform proper bounds checking when processing cache update replies.
Family:	unix	Class:	patch
Reference(s):	USN-601-1 CVE-2007-6239 CVE-2008-1612	Version:	7
Platform(s):	Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10	Product(s):	squid
Definition Synopsis:
Release section Ubuntu 6.06 is installed AND squid DPKG is earlier than 2.5.12-4ubuntu2.4 AND Release section Ubuntu 6.10 is installed AND squid DPKG is earlier than 2.6.1-3ubuntu1.7 AND Release section Ubuntu 7.04 is installed AND squid DPKG is earlier than 2.6.5-4ubuntu2.2 AND Release section Ubuntu 7.10 is installed AND squid DPKG is earlier than 2.6.14-1ubuntu2.2

Definition Id: oval:org.mitre.oval:def:17749

Oval ID:	oval:org.mitre.oval:def:17749
Title:	USN-565-1 -- squid vulnerability
Description:	It was discovered that Squid did not always clean up cache memory correctly.
Family:	unix	Class:	patch
Reference(s):	USN-565-1 CVE-2007-6239	Version:	7
Platform(s):	Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10	Product(s):	squid
Definition Synopsis:
Release section Ubuntu 6.06 is installed AND squid DPKG is earlier than 2.5.12-4ubuntu2.3 AND Release section Ubuntu 6.10 is installed AND squid DPKG is earlier than 2.6.1-3ubuntu1.5 AND Release section Ubuntu 7.04 is installed AND squid DPKG is earlier than 2.6.5-4ubuntu2.1 AND Release section Ubuntu 7.10 is installed AND squid DPKG is earlier than 2.6.14-1ubuntu2.1

Definition Id: oval:org.mitre.oval:def:18736

Oval ID:	oval:org.mitre.oval:def:18736
Title:	DSA-1646-2 squid - array bounds check
Description:	A weakness has been discovered in squid, a caching proxy server. The flaw was introduced upstream in response to <a href="http://security-tracker.debian.org/tracker/CVE-2007-6239">CVE-2007-6239</a>, and announced by Debian in <a href="dsa-1482">DSA-1482-1</a>. The flaw involves an over-aggressive bounds check on an array resize, and could be exploited by an authorised client to induce a denial of service condition against squid.
Family:	unix	Class:	patch
Reference(s):	DSA-1646-2 CVE-2008-1612 CVE-2007-6239	Version:	7
Platform(s):	Debian GNU/Linux 4.0	Product(s):	squid
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND squid DPKG is earlier than 2.6.5-6etch4

Definition Id: oval:org.mitre.oval:def:19956

Oval ID:	oval:org.mitre.oval:def:19956
Title:	DSA-1482-1 squid - programming error
Description:	It was discovered that malformed cache update replies against the Squid WWW proxy cache could lead to the exhaustion of system memory, resulting in potential denial of service.
Family:	unix	Class:	patch
Reference(s):	DSA-1482-1 CVE-2007-6239	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	squid
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND squid DPKG is earlier than 0:2.6.5-6etch1

Definition Id: oval:org.mitre.oval:def:21708

Oval ID:	oval:org.mitre.oval:def:21708
Title:	ELSA-2007:1130: squid security update (Moderate)
Description:	The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.
Family:	unix	Class:	patch
Reference(s):	ELSA-2007:1130-01 CVE-2007-6239	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	squid
Definition Synopsis:
Oracle Linux 5.x AND squid is earlier than 7:2.6.STABLE6-5.el5_1.2

Definition Id: oval:org.mitre.oval:def:22702

Oval ID:	oval:org.mitre.oval:def:22702
Title:	ELSA-2008:0214: squid security update (Moderate)
Description:	The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239.
Family:	unix	Class:	patch
Reference(s):	ELSA-2008:0214-01 CVE-2008-1612	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	squid
Definition Synopsis:
Oracle Linux 5.x AND squid is earlier than 7:2.6.STABLE6-5.el5_1.3

Definition Id: oval:org.mitre.oval:def:7232

Oval ID:	oval:org.mitre.oval:def:7232
Title:	DSA-1646 squid -- array bounds check
Description:	A weakness has been discovered in squid, a caching proxy server. The flaw was introduced upstream in response to CVE-2007-6239, and announced by Debian in DSA-1482-1. The flaw involves an over-aggressive bounds check on an array resize, and could be exploited by an authorised client to induce a denial of service condition against squid.
Family:	unix	Class:	patch
Reference(s):	DSA-1646 CVE-2008-1612 CVE-2007-6239	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	squid
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Architecture section Architecture independent section Installed architecture is all AND squid-common is earlier than 2.6.5-6etch2 AND squidclient is earlier than 2.6.5-6etch2 AND squid is earlier than 2.6.5-6etch2 AND squid-cgi is earlier than 2.6.5-6etch2

Definition Id: oval:org.mitre.oval:def:7991

Oval ID:	oval:org.mitre.oval:def:7991
Title:	DSA-1482 squid -- programming error
Description:	It was discovered that malformed cache update replies against the Squid WWW proxy cache could lead to the exhaustion of system memory, resulting in potential denial of service.
Family:	unix	Class:	patch
Reference(s):	DSA-1482 CVE-2007-6239	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	squid
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Architecture section Architecture independent section Installed architecture is all AND squid-common is earlier than 2.6.5-6etch1 AND squidclient is earlier than 2.6.5-6etch1 AND squid is earlier than 2.6.5-6etch1 AND squid-cgi is earlier than 2.6.5-6etch1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Squid cpe:2.3:a:squid:squid:2.6.stable17:::::::*	1
Application	Squid Squid Web Proxy Cache cpe:2.3:a:squid:squid_web_proxy_cache:3.0_pre3:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:3.0_pre2:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:3.0_pre1:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:3.0:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.6.stable7:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.6.stable6:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.6.stable5:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.6.stable4:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.6.stable3:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.6.stable2:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.6.stable16:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.6.stable15:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.6.stable14:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.6.stable13:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.6.stable12:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.6.stable1:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.6:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.5.stable14:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.5.stable13:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.5.stable12:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.5.stable11:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.5_stable8:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.5_stable7:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.5_stable6:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.5_stable5:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.5_stable4:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.5_stable3:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.5_stable10:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.5_stable1:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.5_.stable9:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.4_stable7:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.4_stable6:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.4_stable4:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.4_stable2:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.3.stable5:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.3.stable4:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.1_patch2:::::::* cpe:2.3:a:squid:squid_web_proxy_cache:2.0_patch2:::::::*	38

OpenVAS Exploits

Date	Description
2009-10-13	Name : SLES10: Security update for squid File : nvt/sles10_squid0.nasl
2009-10-13	Name : SLES10: Security update for Squid File : nvt/sles10_squid.nasl
2009-10-10	Name : SLES9: Security update for squid File : nvt/sles9p5024260.nasl
2009-10-10	Name : SLES9: Security update for squid File : nvt/sles9p5015636.nasl
2009-04-09	Name : Mandriva Update for squid MDVSA-2008:134 (squid) File : nvt/gb_mandriva_MDVSA_2008_134.nasl
2009-04-09	Name : Mandriva Update for squid MDVSA-2008:002 (squid) File : nvt/gb_mandriva_MDVSA_2008_002.nasl
2009-03-31	Name : Gentoo Security Advisory GLSA 200903-38 (Squid) File : nvt/glsa_200903_38.nasl
2009-03-23	Name : Ubuntu Update for squid vulnerability USN-601-1 File : nvt/gb_ubuntu_USN_601_1.nasl
2009-03-23	Name : Ubuntu Update for squid vulnerability USN-565-1 File : nvt/gb_ubuntu_USN_565_1.nasl
2009-03-06	Name : RedHat Update for squid RHSA-2008:0214-01 File : nvt/gb_RHSA-2008_0214-01_squid.nasl
2009-03-06	Name : RedHat Update for squid RHSA-2007:1130-01 File : nvt/gb_RHSA-2007_1130-01_squid.nasl
2009-02-27	Name : CentOS Update for squid CESA-2008:0214 centos4 x86_64 File : nvt/gb_CESA-2008_0214_squid_centos4_x86_64.nasl
2009-02-27	Name : CentOS Update for squid CESA-2007:1130-04 centos2 i386 File : nvt/gb_CESA-2007_1130-04_squid_centos2_i386.nasl
2009-02-27	Name : CentOS Update for squid CESA-2007:1130 centos3 i386 File : nvt/gb_CESA-2007_1130_squid_centos3_i386.nasl
2009-02-27	Name : CentOS Update for squid CESA-2007:1130 centos3 x86_64 File : nvt/gb_CESA-2007_1130_squid_centos3_x86_64.nasl
2009-02-27	Name : CentOS Update for squid CESA-2007:1130 centos4 i386 File : nvt/gb_CESA-2007_1130_squid_centos4_i386.nasl
2009-02-27	Name : CentOS Update for squid CESA-2007:1130 centos4 x86_64 File : nvt/gb_CESA-2007_1130_squid_centos4_x86_64.nasl
2009-02-27	Name : CentOS Update for squid CESA-2008:0214-01 centos2 i386 File : nvt/gb_CESA-2008_0214-01_squid_centos2_i386.nasl
2009-02-27	Name : CentOS Update for squid CESA-2008:0214 centos3 i386 File : nvt/gb_CESA-2008_0214_squid_centos3_i386.nasl
2009-02-27	Name : Fedora Update for squid FEDORA-2007-4170 File : nvt/gb_fedora_2007_4170_squid_fc8.nasl
2009-02-27	Name : Fedora Update for squid FEDORA-2007-4161 File : nvt/gb_fedora_2007_4161_squid_fc7.nasl
2009-02-27	Name : CentOS Update for squid CESA-2008:0214 centos3 x86_64 File : nvt/gb_CESA-2008_0214_squid_centos3_x86_64.nasl
2009-02-27	Name : CentOS Update for squid CESA-2008:0214 centos4 i386 File : nvt/gb_CESA-2008_0214_squid_centos4_i386.nasl
2009-02-16	Name : Fedora Update for squid FEDORA-2008-2740 File : nvt/gb_fedora_2008_2740_squid_fc8.nasl
2008-11-01	Name : Debian Security Advisory DSA 1646-2 (squid) File : nvt/deb_1646_2.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200801-05 (squid) File : nvt/glsa_200801_05.nasl
2008-09-04	Name : FreeBSD Ports: squid File : nvt/freebsd_squid21.nasl
2008-02-15	Name : Debian Security Advisory DSA 1482-1 (squid) File : nvt/deb_1482_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
44276	Squid lib/Array.c arrayShrink Function Assert Error Unspecified DoS
39381	Squid Cache Update Reply Processing Remote DoS

Snort® IPS/IDS

Date	Description
2014-01-10	Multiple Products excessive HTTP 304 Not Modified responses exploit attempt RuleID : 16008 - Revision : 18 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date	Description
2013-07-12	Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2007-1130.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2008-0214.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing a security update. File : sl_20080408_squid_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing a security update. File : sl_20071218_squid_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_squid-5301.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12135.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12004.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-002.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-134.nasl - Type : ACT_GATHER_INFO
2009-03-25	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200903-38.nasl - Type : ACT_GATHER_INFO
2008-10-07	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1646.nasl - Type : ACT_GATHER_INFO
2008-05-09	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_squid-5157.nasl - Type : ACT_GATHER_INFO
2008-05-09	Name : The remote openSUSE host is missing a security update. File : suse_squid-5155.nasl - Type : ACT_GATHER_INFO
2008-05-01	Name : The remote Fedora host is missing a security update. File : fedora_2008-2740.nasl - Type : ACT_GATHER_INFO
2008-04-17	Name : The remote CentOS host is missing a security update. File : centos_RHSA-2008-0214.nasl - Type : ACT_GATHER_INFO
2008-04-17	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-601-1.nasl - Type : ACT_GATHER_INFO
2008-04-11	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0214.nasl - Type : ACT_GATHER_INFO
2008-02-06	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1482.nasl - Type : ACT_GATHER_INFO
2008-01-10	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200801-05.nasl - Type : ACT_GATHER_INFO
2008-01-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-565-1.nasl - Type : ACT_GATHER_INFO
2007-12-31	Name : The remote openSUSE host is missing a security update. File : suse_squid-4779.nasl - Type : ACT_GATHER_INFO
2007-12-31	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_squid-4782.nasl - Type : ACT_GATHER_INFO
2007-12-19	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2007-1130.nasl - Type : ACT_GATHER_INFO
2007-12-19	Name : The remote CentOS host is missing a security update. File : centos_RHSA-2007-1130.nasl - Type : ACT_GATHER_INFO
2007-12-17	Name : The remote Fedora host is missing a security update. File : fedora_2007-4170.nasl - Type : ACT_GATHER_INFO
2007-12-17	Name : The remote Fedora host is missing a security update. File : fedora_2007-4161.nasl - Type : ACT_GATHER_INFO
2007-12-07	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_6eb580d7a29c11dc8919001c2514716c.nasl - Type : ACT_GATHER_INFO
2007-12-04	Name : The remote proxy server is prone to a denial of service attack. File : squid_2_6_17.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:39:29	Multiple Updates
2013-05-11 00:46:58	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	2
Oval ID(s)	10
CPE ID(s)	39
osvdb(s)	2
Openvas Exploit(s)	28
Snort® Rule(s)	1
Nessus® Exploit(s)	28

	Related
5	CVE-2007-6239
4.3	CVE-2008-1612
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)

5 - MDVSA-2008:134

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU