ALAS-2016-735 ---- squidID: oval:org.secpod.oval:def:1600437 | Date: (C)2016-08-23 (M)2023-12-20 |
Class: PATCH | Family: unix |
A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. It was found that the fix for CVE-2016-4051 did not properly prevent the stack overflow in the munge_other_line function. A remote attacker could send specially crafted data to the Squid proxy, which would exploit the cachemgr CGI utility, possibly triggering execution of arbitrary code
Platform: |
Amazon Linux AMI |