7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.971 High
EPSS
Percentile
99.7%
Squid is a full-featured Web proxy cache.
A buffer overflow flaw was found in the Gopher relay parser. This bug
could allow a remote Gopher server to crash the Squid proxy that reads data
from it. Although Gopher servers are now quite rare, a malicious webpage
(for example) could redirect or contain a frame pointing to an attacker’s
malicious gopher server. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0094 to this issue.
An integer overflow flaw was found in the WCCP message parser. It is
possible to crash the Squid server if an attacker is able to send a
malformed WCCP message with a spoofed source address matching Squid’s
“home router”. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0095 to this issue.
A memory leak was found in the NTLM fakeauth_auth helper. It is possible
that an attacker could place the Squid server under high load, causing the
NTML fakeauth_auth helper to consume a large amount of memory, resulting in
a denial of service. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0096 to this issue.
A NULL pointer de-reference bug was found in the NTLM fakeauth_auth helper.
It is possible for an attacker to send a malformed NTLM type 3 message,
causing the Squid server to crash. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0097 to
this issue.
A username validation bug was found in squid_ldap_auth. It is possible for
a username to be padded with spaces, which could allow a user to bypass
explicit access control rules or confuse accounting. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0173 to this issue.
The way Squid handles HTTP responses was found to need strengthening. It is
possible that a malicious Web server could send a series of HTTP responses
in such a way that the Squid cache could be poisoned, presenting users with
incorrect webpages. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CAN-2005-0174 and CAN-2005-0175 to
these issues.
A bug was found in the way Squid handled oversized HTTP response headers.
It is possible that a malicious Web server could send a specially crafted
HTTP header which could cause the Squid cache to be poisoned, presenting
users with incorrect webpages. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2005-0241 to this issue.
A buffer overflow bug was found in the WCCP message parser. It is possible
that an attacker could send a malformed WCCP message which could crash the
Squid server or execute arbitrary code. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0211
to this issue.
Users of Squid should upgrade to this updated package, which contains
backported patches, and is not vulnerable to these issues.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | s390x | squid | < 2.5.STABLE6-3.4E.3 | squid-2.5.STABLE6-3.4E.3.s390x.rpm |
RedHat | any | s390 | squid | < 2.5.STABLE6-3.4E.3 | squid-2.5.STABLE6-3.4E.3.s390.rpm |
RedHat | any | ia64 | squid | < 2.5.STABLE6-3.4E.3 | squid-2.5.STABLE6-3.4E.3.ia64.rpm |
RedHat | any | i386 | squid | < 2.5.STABLE6-3.4E.3 | squid-2.5.STABLE6-3.4E.3.i386.rpm |
RedHat | any | x86_64 | squid | < 2.5.STABLE6-3.4E.3 | squid-2.5.STABLE6-3.4E.3.x86_64.rpm |
RedHat | any | src | squid | < 2.5.STABLE6-3.4E.3 | squid-2.5.STABLE6-3.4E.3.src.rpm |
RedHat | any | ppc | squid | < 2.5.STABLE6-3.4E.3 | squid-2.5.STABLE6-3.4E.3.ppc.rpm |