Squid Proxy FTP Server Directory Listing HTML Parser Remote Overflow

2002-07-03T00:00:00
ID OSVDB:5923
Type osvdb
Reporter OSVDB
Modified 2002-07-03T00:00:00

Description

Vulnerability Description

A remote overflow exists in Squid Web Proxy Cache. The overflow is triggered by improper parsing of FTP directory listings as they are converted into HTML; a remote attacker can use it to execute arbitrary code, resulting in a loss of confidentiality, integrity, and/or availability.

Solution Description

Upgrade to version 2.4.STABLE7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Advisory URL
Vendor Specific Advisory URL
Related OSVDB ID: 5926
Related OSVDB ID: 5924
Related OSVDB ID: 5925
Related OSVDB ID: 5917
RedHat RHSA: RHSA-2002:051-20
ISS X-Force ID: 9481
CVE-2002-0713
Bugtraq ID: 5153
Bugtraq ID: 5156