5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
Several vulnerabilities have been discovered in Squid, the internet
object cache, the popular WWW proxy cache. The Common Vulnerabilities
and Exposures Project identifies the following vulnerabilities:
CAN-2005-0094
“infamous41md” discovered a buffer overflow in the parser for
Gopher responses which will lead to memory corruption and usually
crash Squid.
CAN-2005-0095
“infamous41md” discovered an integer overflow in the receiver of
WCCP (Web Cache Communication Protocol) messages. An attacker
could send a specially crafted UDP datagram that will cause Squid
to crash.
For the stable distribution (woody) these problems have been fixed in
version 2.4.6-2woody5.
For the unstable distribution (sid) these problems have been fixed in
version 2.5.7-4.
We recommend that you upgrade your squid package.
CPE | Name | Operator | Version |
---|---|---|---|
squid | eq | 2.4.6-2woody4 |