Lucene search
SuseSUSE-SA:2005:006HistoryFeb 10, 2005 - 3:13 p.m.
remote command execution in squid
2005-02-1015:13:39
lists.opensuse.org
26
0.971 High
EPSS
Percentile
99.7%
Squid is a feature-rich web-proxy with support for various web-related protocols. The last two squid updates from February the 1st and 10th fix several vulnerabilities. The impact of them range from remote denial-of-service over cache poisoning to possible remote command execution. Due to the hugh amount of bugs the vulnerabilities are just summarized here. CAN-2005-0094 A buffer overflow in the Gopher responses parser leads to memory corruption and usually crash squid.
Solution
There is no workaround known.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 9.1 | i586 | squid | < 2.5.STABLE5-42.27 | squid-2.5.STABLE5-42.27.i586.rpm |
| openSUSE | 9.1 | x86_64 | squid | < 2.5.STABLE5-42.27 | squid-2.5.STABLE5-42.27.x86_64.rpm |
| openSUSE | 9.0 | i586 | squid | < 2.5.STABLE3-118 | squid-2.5.STABLE3-118.i586.rpm |
| openSUSE | 8.2 | i586 | squid | < 2.5.STABLE1-106 | squid-2.5.STABLE1-106.i586.rpm |
| openSUSE | 8.1 | i586 | squid | < 2.4.STABLE7-288 | squid-2.4.STABLE7-288.i586.rpm |
| openSUSE | 9.0 | x86_64 | squid | < 2.5.STABLE3-118 | squid-2.5.STABLE3-118.x86_64.rpm |
| openSUSE | 9.2 | i586 | squid | < 2.5.STABLE6-6.6 | squid-2.5.STABLE6-6.6.i586.rpm |
| openSUSE | 9.2 | x86_64 | squid | < 2.5.STABLE6-6.6 | squid-2.5.STABLE6-6.6.x86_64.rpm |
Related
nessus
nessus
RHEL 2.1 / 3 : squid (RHSA-2005:061)
2005-02-14 00:00:00
SUSE-SA:2005:006: squid
2005-02-10 00:00:00
RHEL 4 : squid (RHSA-2005:060)
2005-02-22 00:00:00
redhat
redhat
(RHSA-2005:061) squid security update
2005-02-11 00:00:00
(RHSA-2005:060) squid security update
2005-02-15 00:00:00
ubuntu
ubuntu
Squid vulnerabilities
2005-02-08 00:00:00
Squid vulnerabilities
2005-01-21 00:00:00
openvas
openvas
SLES9: Security update for squid
2009-10-10 00:00:00
Ubuntu: Security Advisory (USN-77-1)
2022-08-26 00:00:00
Gentoo Security Advisory GLSA 200502-04 (squid)
2008-09-24 00:00:00
gentoo
gentoo
Squid: Multiple vulnerabilities
2005-02-02 00:00:00
Squid: Multiple vulnerabilities
2005-01-16 00:00:00
debian
debian
[SECURITY] [DSA 667-1] New squid packages fix several vulnerabilities
2005-02-04 16:35:59
[SECURITY] [DSA 667-1] New squid packages fix several vulnerabilities
2005-02-04 16:35:59
[SECURITY] [DSA 651-1] New squid packages fix denial of service
2005-01-20 17:06:36
osv
osv
squid - several
2005-02-04 00:00:00
squid - buffer overflow, integer overflow
2005-01-20 00:00:00
freebsd
freebsd
squid -- denial-of-service vulnerabilities
2005-01-16 00:00:00
squid -- denial of service with forged WCCP messages
2005-01-07 00:00:00
squid -- possible cache-poisoning via malformed HTTP responses
2005-01-24 00:00:00
cert
cert
mod_python vulnerable to information disclosure via crafted URL
2005-02-21 00:00:00
Squid fails to properly handle oversized reply headers
2005-02-04 00:00:00
Multiple devices process HTTP requests inconsistently
2005-02-04 00:00:00
checkpoint_advisories
checkpoint_advisories
Squid Proxy Oversized Reply Header Handling - Improved Performance (CVE-2005-0241)
2013-05-29 00:00:00
Squid WCCP Message Parsing Denial Of Service (CVE-2005-0095)
2009-10-26 00:00:00
Squid Gopher Protocol Handling Buffer Overflow (CVE-2005-0094)
2009-12-15 00:00:00
cve
cve
debiancve
debiancve
ubuntucve
ubuntucve
suse
suse
remote denial of service in squid
2005-02-22 13:31:16
prion
prion
Buffer overflow
2011-09-06 15:55:00