Lucene search
SuseSUSE-SA:2002:008HistoryMar 04, 2002 - 12:12 p.m.
remote command execution in squid
2002-03-0412:12:39
lists.opensuse.org
15
0.44 Medium
EPSS
Percentile
97.4%
The widely used proxy-server squid contains a heap overflow in one of its URL constructing functions. Incorrect length-calculations for the user and passwd fields in ftp-URLs turned out to be the origin of the problem. Only users from hosts listed in squids ACL-files could trigger the overflow. The ftp-URL problem is not present in the 6.4, 7.0 and 7.1 distributions, but other security releated bugs have been fixed there. A complete history can be found at
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 7.0 | i386 | squid2 | < 2.2.STABLE5-218 | squid2-2.2.STABLE5-218.i386.rpm |
| openSUSE | 7.3 | ppc | squid-beta | < 2.4.STABLE2-59 | squid-beta-2.4.STABLE2-59.ppc.rpm |
| openSUSE | 7.1 | ppc | squid2 | < 2.2.STABLE5-200 | squid2-2.2.STABLE5-200.ppc.rpm |
| openSUSE | 6.4 | i386 | squid2 | < 2.2.STABLE5-219 | squid2-2.2.STABLE5-219.i386.rpm |
| openSUSE | 7.3 | i386 | squid-beta | < 2.4.STABLE2-94 | squid-beta-2.4.STABLE2-94.i386.rpm |
| openSUSE | 7.1 | sparc | squid2 | < 2.2.STABLE5-208 | squid2-2.2.STABLE5-208.sparc.rpm |
| openSUSE | 7.0 | alpha | squid23 | < 2.3.STABLE4-74 | squid23-2.3.STABLE4-74.alpha.rpm |
| openSUSE | 6.4 | alpha | squid2 | < 2.2.STABLE5-227 | squid2-2.2.STABLE5-227.alpha.rpm |
| openSUSE | 7.1 | sparc | squid23 | < 2.3.STABLE4-60 | squid23-2.3.STABLE4-60.sparc.rpm |
| openSUSE | 7.1 | ppc | squid23 | < 2.3.STABLE4-68 | squid23-2.3.STABLE4-68.ppc.rpm |
Related
openvas
openvas
Squid 2.0 < 2.4 STABLE4 FTP Proxy URL Buffer Overflow Vulnerability
2017-07-28 00:00:00
cert
cert
cvelist
cvelist
CVE-2002-0068
2003-04-02 05:00:00
nvd
nvd
CVE-2002-0068
2002-03-08 05:00:00
cve
cve
CVE-2002-0068
2003-04-02 05:00:00
nessus
nessus
Squid FTP URL Special Character Handling Remote Overflow
2002-03-27 00:00:00
Mandrake Linux Security Advisory : squid (MDKSA-2002:016-1)
2004-07-31 00:00:00