20 matches found
SUSE CVE-2005-0094
Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service crash via crafted responses...
SUSE CVE-2005-0096
Memory leak in the NTLM fakeauthauth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service memory consumption...
CVE-2022-41318
A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a...
Integer overflow
A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a...
Fedora Core 5 : squid-2.5.STABLE14-3.FC5 (2007-092)
Wed Jan 17 2007 Martin Stransky - 7:2.5.STABLE14-3.FC5 - added fix for 222883 - Squid crashes when receiving certain FTP listings CVE-2007-0247 - Thu Jun 8 2006 Martin Stransky - 7:2.5.STABLE14-2.FC5 - fix for squid BZ1511 - assertion failed: HttpReply.c:105: 'rep' Note that Tenable Network...
CVE-2005-3258
The rfc1738doescape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service segmentation fault via certain "odd" responses...
Fedora Core 3 : squid-2.5.STABLE9-1.FC3.4 (2005-276)
Wed Mar 23 2005 Jay Fenlason 7:2.5.STABLE9-1.FC3.4 - Add more upstream patches. - add the -libbind patch, to avoid picking up a new dependency on libbind. - Remove references to /etc/squid/errors from this spec, since squid now uses datadir/squid/errors/English/ by default overridable in...
Fedora Core 3 : squid-2.5.STABLE9-1.FC3.6 (2005-373)
Mon May 16 2005 Jay Fenlason 7:2.5.STABLE9-1.FC3.6 - More upstream patches, including ones for bz157456 CVE-2005-1519 DNS lookups unreliable on untrusted networks bz156162 CVE-1999-0710 cachemgr.cgi access control bypass - The following bugs had already been fixed, but the announcements were lost...
Fedora Core 2 : squid-2.5.STABLE9-1.FC2.2 (2005-275)
Tue Mar 29 2005 Jay Fenlason 7:2.5.STABLE9-1.FC3.2 - more upstream patches - include -libbind patch, to prevent squid from picking up a dependency on libbind. - remove references to /etc/squid/errors, since squid now uses datadir/squid/errors/English by default. overridable in squid.conf - Mark...
CVE-2005-0211
Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter...
CVE-2005-0194
Squid 2.5, when processing the configuration file, parses empty Access Control Lists ACLs, including proxyauth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warning...
CVE-2005-0211
Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter...
CVE-2005-0194
Squid 2.5, when processing the configuration file, parses empty Access Control Lists ACLs, including proxyauth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warning...
Mandrake Linux Security Advisory : squid (MDKSA-2005:078)
Squid 2.5, when processing the configuration file, parses empty Access Control Lists ACLs, including proxyauth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warning...
security flaw
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack...
security flaw
Memory leak in the NTLM fakeauthauth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service memory consumption...
CVE-2005-0211
CVE-2005-0211 describes a buffer overflow in Squid’s WCCP handling: the wccp.c recvfrom path in Squid 2.5 before 2.5.STABLE7 processes an oversized WCCP packet due to an incorrect length parameter, enabling remote attackers to cause a denial of service and possibly execute arbitrary code. Affecte...
CVE-2005-0211
Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter...
CVE-2005-0096
CVE-2005-0096 affects Squid 2.5.STABLE7 and earlier, where a memory leak in the NTLM fakeauth_auth helper can cause a denial of service through unbounded memory growth. The vulnerability is triggered remotely via the network. Connected advisories/entries show remediation efforts for Squid (e.g., ...
CVE-2005-0094
Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service crash via crafted responses...