6 matches found
FreeBSD : squid -- buffer overflow in WCCP recvfrom() call (23fb5a04-722b-11d9-9e1e-c296ac722cb3)
According to the Squid Proxy Cache Security Update Advisory SQUID-2005:3, The WCCP recvfrom call accepts more data than will fit in the allocated buffer. An attacker may send a larger-than-normal WCCP message to Squid and overflow this buffer. Severity : The bug is important because it allows...
Squid vulnerable to buffer overflow via an overly long WCCP message
Overview The Squid web proxy cache is vulnerable to a buffer overflow when handing overly long web cache communications protocol WCCP messages. Such messages could crash the Squid process and produce a denial of service condition. Description Squid functions as a web proxy and cache application f...
CVE-2005-0095
The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service crash via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCPISEEYOU cache numbers...
CVE-2005-0095
The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service crash via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCPISEEYOU cache numbers...
CVE-2005-0095
The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service crash via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCPISEEYOU cache numbers...
squid -- denial of service with forged WCCP messages
The squid patches page notes: WCCPISEEYOU messages contain a 'number of caches' field which should be between 1 and 32. Values outside that range may crash Squid if WCCP is enabled, and if an attacker can spoof UDP packets with the WCCP router's IP address...