CVE-2014-6270

Publication date 12 September 2014

Last updated 24 July 2024

Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
squid3	15.10 wily	Fixed 3.3.8-1ubuntu16.2
	15.04 vivid	Ignored end of life
	14.10 utopic	Ignored end of life
	14.04 LTS trusty	Fixed 3.3.8-1ubuntu6.6
	12.04 LTS precise	Fixed 3.1.19-1ubuntu3.12.04.6
	10.04 LTS lucid	Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
squid3	Other: https://bugzilla.novell.com/show_bug.cgi?id=895773 Upstream: http://bazaar.launchpad.net/~squid/squid/trunk/revision/13574 Upstream: http://bazaar.launchpad.net/~squid/squid/trunk/revision/13582 Upstream: http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12682.patch Upstream: http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10489.patch

References

Related Ubuntu Security Notices (USN)

USN-2921-1
Squid vulnerabilities
7 March 2016

CVE-2014-6270

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references