ID SUSE-SA:2005:006 Type suse Reporter Suse Modified 2005-02-10T15:13:39
Description
Squid is a feature-rich web-proxy with support for various web-related protocols. The last two squid updates from February the 1st and 10th fix several vulnerabilities. The impact of them range from remote denial-of-service over cache poisoning to possible remote command execution. Due to the hugh amount of bugs the vulnerabilities are just summarized here. CAN-2005-0094 A buffer overflow in the Gopher responses parser leads to memory corruption and usually crash squid.
Solution
There is no workaround known.
{"enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2016-09-04T11:18:00", "rev": 2}, "dependencies": {"references": [{"type": "nessus", "idList": ["UBUNTU_USN-77-1.NASL", "GENTOO_GLSA-200501-25.NASL", "SUSE_SA_2005_006.NASL", "DEBIAN_DSA-667.NASL", "MANDRAKE_MDKSA-2005-034.NASL", "REDHAT-RHSA-2005-061.NASL", "SQUID_WCCP_AND_GOPHER_FLAWS.NASL", "UBUNTU_USN-67-1.NASL", "REDHAT-RHSA-2005-060.NASL", "GENTOO_GLSA-200502-04.NASL"]}, {"type": "redhat", "idList": ["RHSA-2005:060", "RHSA-2005:061"]}, {"type": "cve", "idList": ["CVE-2005-0175", "CVE-2005-0211", "CVE-2005-0097", "CVE-2005-0096", "CVE-2005-0173", "CVE-2005-0095", "CVE-2005-0241", "CVE-2005-0174", "CVE-2005-0094"]}, {"type": "ubuntu", "idList": ["USN-77-1", "USN-67-1"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231065569", "OPENVAS:65099", "OPENVAS:52196", "OPENVAS:53482", "OPENVAS:136141256231065099", "OPENVAS:54811", "OPENVAS:65569", "OPENVAS:53497", "OPENVAS:53003", "OPENVAS:54836"]}, {"type": "gentoo", "idList": ["GLSA-200502-04", "GLSA-200501-25"]}, {"type": "debian", "idList": ["DEBIAN:DSA-651-1:D07AC", "DEBIAN:DSA-667-1:790C8"]}, {"type": "freebsd", "idList": ["5FE7E27A-64CB-11D9-9E1E-C296AC722CB3", "4E4BD2C2-6BD5-11D9-9E1E-C296AC722CB3", "B4D94FA0-6E38-11D9-9E1E-C296AC722CB3", "BFDA39DE-7467-11D9-9E1E-C296AC722CB3", "5BF1A715-CC57-440F-B0A5-6406961C54A7", "23FB5A04-722B-11D9-9E1E-C296AC722CB3", "184AB9E0-64CD-11D9-9E1E-C296AC722CB3", "7A921E9E-68B1-11D9-9E1E-C296AC722CB3"]}, {"type": "cert", "idList": ["VU:823350", "VU:886006", "VU:356409", "VU:768702", "VU:924198"]}, {"type": "osvdb", "idList": ["OSVDB:13319", "OSVDB:12816", "OSVDB:13732", "OSVDB:13054", "OSVDB:13114", "OSVDB:13345", "OSVDB:12887", "OSVDB:13346", "OSVDB:12886"]}, {"type": "suse", "idList": ["SUSE-SA:2005:008"]}], "modified": "2016-09-04T11:18:00", "rev": 2}, "vulnersScore": 7.2}, "published": "2005-02-10T15:13:39", "id": "SUSE-SA:2005:006", "modified": "2005-02-10T15:13:39", "reporter": "Suse", "history": [], "bulletinFamily": "unix", "viewCount": 3, "objectVersion": "1.2", "affectedPackage": [{"packageFilename": "squid-2.5.STABLE5-42.27.i586.rpm", "packageName": "squid", "packageVersion": "2.5.STABLE5-42.27", "operator": "lt", "OSVersion": "9.1", "OS": "openSUSE", "arch": "i586"}, {"packageFilename": "squid-2.5.STABLE5-42.27.x86_64.rpm", "packageName": "squid", "packageVersion": "2.5.STABLE5-42.27", "operator": "lt", "OSVersion": "9.1", "OS": "openSUSE", "arch": "x86_64"}, {"packageFilename": "squid-2.5.STABLE3-118.i586.rpm", "packageName": "squid", "packageVersion": "2.5.STABLE3-118", "operator": "lt", "OSVersion": "9.0", "OS": "openSUSE", "arch": "i586"}, {"packageFilename": "squid-2.5.STABLE1-106.i586.rpm", "packageName": "squid", "packageVersion": "2.5.STABLE1-106", "operator": "lt", "OSVersion": "8.2", "OS": "openSUSE", "arch": "i586"}, {"packageFilename": "squid-2.4.STABLE7-288.i586.rpm", "packageName": "squid", "packageVersion": "2.4.STABLE7-288", "operator": "lt", "OSVersion": "8.1", "OS": "openSUSE", "arch": "i586"}, {"packageFilename": "squid-2.5.STABLE3-118.x86_64.rpm", "packageName": "squid", "packageVersion": "2.5.STABLE3-118", "operator": "lt", "OSVersion": "9.0", "OS": "openSUSE", "arch": "x86_64"}, {"packageFilename": "squid-2.5.STABLE6-6.6.i586.rpm", "packageName": "squid", "packageVersion": "2.5.STABLE6-6.6", "operator": "lt", "OSVersion": "9.2", "OS": "openSUSE", "arch": "i586"}, {"packageFilename": "squid-2.5.STABLE6-6.6.x86_64.rpm", "packageName": "squid", "packageVersion": "2.5.STABLE6-6.6", "operator": "lt", "OSVersion": "9.2", "OS": "openSUSE", "arch": "x86_64"}], "hash": "8de38e7dd38ce07ec31fc9a344ab5814ac61a70719d985d94b6de4543cb35218", "title": "remote command execution in squid", "references": [], "cvelist": ["CVE-2005-0095", "CVE-2005-0094", "CVE-2005-0211", "CVE-2005-0241", "CVE-2005-0173", "CVE-2005-0175", "CVE-2005-0096", "CVE-2005-0174", "CVE-2005-0097"], "description": "Squid is a feature-rich web-proxy with support for various web-related protocols. The last two squid updates from February the 1st and 10th fix several vulnerabilities. The impact of them range from remote denial-of-service over cache poisoning to possible remote command execution. Due to the hugh amount of bugs the vulnerabilities are just summarized here. CAN-2005-0094 A buffer overflow in the Gopher responses parser leads to memory corruption and usually crash squid.\n#### Solution\nThere is no workaround known.", "type": "suse", "href": "http://lists.opensuse.org/opensuse-security-announce/2005-02/msg00015.html", "lastseen": "2016-09-04T11:18:00", "edition": 1, "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}
{"nessus": [{"lastseen": "2020-08-01T05:00:29", "bulletinFamily": "scanner", "description": "The remote host is missing the patch for the advisory SUSE-SA:2005:006 (squid).\n\n\nSquid is a feature-rich web-proxy with support for various web-related\nprotocols.\nThe last two squid updates from February the 1st and 10th fix several\nvulnerabilities. The impact of them range from remote denial-of-service\nover cache poisoning to possible remote command execution.\nDue to the hugh amount of bugs the vulnerabilities are just summarized\nhere.\n\nCVE-2005-0094\nA buffer overflow in the Gopher responses parser leads\nto memory corruption and usually crash squid.\n\nCVE-2005-0095\nAn integer overflow in the receiver of WCCP (Web Cache\nCommunication Protocol) messages can be exploited remotely\nby sending a specially crafted UDP datagram to crash squid.\n\nCVE-2005-0096\nA memory leak in the NTLM fakeauth_auth helper for\nSquid 2.5.STABLE7 and earlier allows remote attackers\nto cause a denial-of-service due to uncontrolled memory\nconsumption.\n\nCVE-2005-0097 \nThe NTLM component in Squid 2.5.STABLE7 and earlier allows\nremote attackers to cause a crash od squid by sending a\nmalformed NTLM message. \n\nCVE-2005-0173\nLDAP handles search filters very laxly. This behaviour can\nbe abused to log in using several variants of a login name,\npossibly bypassing explicit access controls or confusing\naccounting.\n\nCVE-2005-0175 and CVE-2005-0174\nMinor problems in the HTTP header parsing code that\ncan be used for cache poisoning.\n\nCVE-2005-0211\nA buffer overflow in the WCCP handling code in Squid 2.5\nbefore 2.5.STABLE7 allows remote attackers to cause a\ndenial-of-service and possibly execute arbitrary code\nby using a long WCCP packet.\n\nCVE-2005-0241\nThe httpProcessReplyHeader function in Squid 2.5-STABLE7\nand earlier does not properly set the debug context when\nit is handling ", "modified": "2020-08-02T00:00:00", "id": "SUSE_SA_2005_006.NASL", "href": "https://www.tenable.com/plugins/nessus/16372", "published": "2005-02-10T00:00:00", "title": "SUSE-SA:2005:006: squid", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:006\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(16372);\n script_version (\"1.10\");\n if ( NASL_LEVEL >= 2200 ) script_cve_id(\"CVE-2005-0094\", \"CVE-2005-0095\", \"CVE-2005-0096\", \"CVE-2005-0097\", \"CVE-2005-0173\", \"CVE-2005-0174\", \"CVE-2005-0175\", \"CVE-2005-0211\", \"CVE-2005-0241\");\n \n name[\"english\"] = \"SUSE-SA:2005:006: squid\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2005:006 (squid).\n\n\nSquid is a feature-rich web-proxy with support for various web-related\nprotocols.\nThe last two squid updates from February the 1st and 10th fix several\nvulnerabilities. The impact of them range from remote denial-of-service\nover cache poisoning to possible remote command execution.\nDue to the hugh amount of bugs the vulnerabilities are just summarized\nhere.\n\nCVE-2005-0094\nA buffer overflow in the Gopher responses parser leads\nto memory corruption and usually crash squid.\n\nCVE-2005-0095\nAn integer overflow in the receiver of WCCP (Web Cache\nCommunication Protocol) messages can be exploited remotely\nby sending a specially crafted UDP datagram to crash squid.\n\nCVE-2005-0096\nA memory leak in the NTLM fakeauth_auth helper for\nSquid 2.5.STABLE7 and earlier allows remote attackers\nto cause a denial-of-service due to uncontrolled memory\nconsumption.\n\nCVE-2005-0097 \nThe NTLM component in Squid 2.5.STABLE7 and earlier allows\nremote attackers to cause a crash od squid by sending a\nmalformed NTLM message. \n\nCVE-2005-0173\nLDAP handles search filters very laxly. This behaviour can\nbe abused to log in using several variants of a login name,\npossibly bypassing explicit access controls or confusing\naccounting.\n\nCVE-2005-0175 and CVE-2005-0174\nMinor problems in the HTTP header parsing code that\ncan be used for cache poisoning.\n\nCVE-2005-0211\nA buffer overflow in the WCCP handling code in Squid 2.5\nbefore 2.5.STABLE7 allows remote attackers to cause a\ndenial-of-service and possibly execute arbitrary code\nby using a long WCCP packet.\n\nCVE-2005-0241\nThe httpProcessReplyHeader function in Squid 2.5-STABLE7\nand earlier does not properly set the debug context when\nit is handling 'oversized' HTTP reply headers. The impact\nis unknown.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.suse.de/security/advisories/2005_06_squid.html\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/02/10\");\n script_cvs_date(\"Date: 2019/10/25 13:36:28\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the squid package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"squid-2.4.STABLE7-288\", release:\"SUSE8.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"squid-2.5.STABLE1-106\", release:\"SUSE8.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"squid-2.5.STABLE3-118\", release:\"SUSE9.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"squid-2.5.STABLE5-42.27\", release:\"SUSE9.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"squid-2.5.STABLE6-6.6\", release:\"SUSE9.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif (rpm_exists(rpm:\"squid-\", release:\"SUSE8.1\")\n || rpm_exists(rpm:\"squid-\", release:\"SUSE8.2\")\n || rpm_exists(rpm:\"squid-\", release:\"SUSE9.0\")\n || rpm_exists(rpm:\"squid-\", release:\"SUSE9.1\")\n || rpm_exists(rpm:\"squid-\", release:\"SUSE9.2\") )\n{\n set_kb_item(name:\"CVE-2005-0094\", value:TRUE);\n set_kb_item(name:\"CVE-2005-0095\", value:TRUE);\n set_kb_item(name:\"CVE-2005-0096\", value:TRUE);\n set_kb_item(name:\"CVE-2005-0097\", value:TRUE);\n set_kb_item(name:\"CVE-2005-0173\", value:TRUE);\n set_kb_item(name:\"CVE-2005-0174\", value:TRUE);\n set_kb_item(name:\"CVE-2005-0175\", value:TRUE);\n set_kb_item(name:\"CVE-2005-0211\", value:TRUE);\n set_kb_item(name:\"CVE-2005-0241\", value:TRUE);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-01T04:22:27", "bulletinFamily": "scanner", "description": "An updated Squid package that fixes several security issues is now\navailable.\n\nSquid is a full-featured Web proxy cache.\n\nA buffer overflow flaw was found in the Gopher relay parser. This bug\ncould allow a remote Gopher server to crash the Squid proxy that reads\ndata from it. Although Gopher servers are now quite rare, a malicious\nweb page (for example) could redirect or contain a frame pointing to\nan attacker", "modified": "2020-08-02T00:00:00", "id": "REDHAT-RHSA-2005-061.NASL", "href": "https://www.tenable.com/plugins/nessus/16384", "published": "2005-02-14T00:00:00", "title": "RHEL 2.1 / 3 : squid (RHSA-2005:061)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:061. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(16384);\n script_version (\"1.24\");\n script_cvs_date(\"Date: 2019/10/25 13:36:10\");\n\n script_cve_id(\"CVE-2005-0094\", \"CVE-2005-0095\", \"CVE-2005-0096\", \"CVE-2005-0097\", \"CVE-2005-0173\", \"CVE-2005-0174\", \"CVE-2005-0175\", \"CVE-2005-0211\", \"CVE-2005-0241\");\n script_bugtraq_id(12276);\n script_xref(name:\"RHSA\", value:\"2005:061\");\n\n script_name(english:\"RHEL 2.1 / 3 : squid (RHSA-2005:061)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Squid package that fixes several security issues is now\navailable.\n\nSquid is a full-featured Web proxy cache.\n\nA buffer overflow flaw was found in the Gopher relay parser. This bug\ncould allow a remote Gopher server to crash the Squid proxy that reads\ndata from it. Although Gopher servers are now quite rare, a malicious\nweb page (for example) could redirect or contain a frame pointing to\nan attacker's malicious gopher server. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CVE-2005-0094\nto this issue.\n\nAn integer overflow flaw was found in the WCCP message parser. It is\npossible to crash the Squid server if an attacker is able to send a\nmalformed WCCP message with a spoofed source address matching Squid's\n'home router'. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2005-0095 to this issue.\n\nA memory leak was found in the NTLM fakeauth_auth helper. It is\npossible that an attacker could place the Squid server under high\nload, causing the NTML fakeauth_auth helper to consume a large amount\nof memory, resulting in a denial of service. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-0096 to this issue.\n\nA NULL pointer de-reference bug was found in the NTLM fakeauth_auth\nhelper. It is possible for an attacker to send a malformed NTLM type 3\nmessage, causing the Squid server to crash. The Common Vulnerabilities\nand Exposures project (cve.mitre.org) has assigned the name\nCVE-2005-0097 to this issue.\n\nA username validation bug was found in squid_ldap_auth. It is possible\nfor a username to be padded with spaces, which could allow a user to\nbypass explicit access control rules or confuse accounting. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-0173 to this issue.\n\nThe way Squid handles HTTP responses was found to need strengthening.\nIt is possible that a malicious web server could send a series of HTTP\nresponses in such a way that the Squid cache could be poisoned,\npresenting users with incorrect webpages. The Common Vulnerabilities\nand Exposures project (cve.mitre.org) has assigned the names\nCVE-2005-0174 and CVE-2005-0175 to these issues.\n\nA bug was found in the way Squid handled oversized HTTP response\nheaders. It is possible that a malicious web server could send a\nspecially crafted HTTP header which could cause the Squid cache to be\npoisoned, presenting users with incorrect webpages. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-0241 to this issue.\n\nA buffer overflow bug was found in the WCCP message parser. It is\npossible that an attacker could send a malformed WCCP message which\ncould crash the Squid server or execute arbitrary code. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-0211 to this issue.\n\nUsers of Squid should upgrade to this updated package, which contains\nbackported patches, and is not vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0173\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.squid-cache.org/Advisories/SQUID-2005_1.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.squid-cache.org/Advisories/SQUID-2005_2.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.squid-cache.org/Advisories/SQUID-2005_3.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.squid-cache.org/Versions/v2/2.5/bugs/#\"\n );\n # http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?96864d1c\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:061\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected squid package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:squid\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(2\\.1|3)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:061\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"squid-2.4.STABLE7-1.21as.4\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"squid-2.5.STABLE3-6.3E.7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"squid\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-01T04:22:27", "bulletinFamily": "scanner", "description": "An updated Squid package that fixes several security issues is now\navailable.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nSquid is a full-featured Web proxy cache.\n\nA buffer overflow flaw was found in the Gopher relay parser. This bug\ncould allow a remote Gopher server to crash the Squid proxy that reads\ndata from it. Although Gopher servers are now quite rare, a malicious\nwebpage (for example) could redirect or contain a frame pointing to an\nattacker", "modified": "2020-08-02T00:00:00", "id": "REDHAT-RHSA-2005-060.NASL", "href": "https://www.tenable.com/plugins/nessus/17176", "published": "2005-02-22T00:00:00", "title": "RHEL 4 : squid (RHSA-2005:060)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:060. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17176);\n script_version (\"1.22\");\n script_cvs_date(\"Date: 2019/10/25 13:36:10\");\n\n script_cve_id(\"CVE-2005-0094\", \"CVE-2005-0095\", \"CVE-2005-0096\", \"CVE-2005-0097\", \"CVE-2005-0173\", \"CVE-2005-0174\", \"CVE-2005-0175\", \"CVE-2005-0211\", \"CVE-2005-0241\");\n script_xref(name:\"RHSA\", value:\"2005:060\");\n\n script_name(english:\"RHEL 4 : squid (RHSA-2005:060)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Squid package that fixes several security issues is now\navailable.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nSquid is a full-featured Web proxy cache.\n\nA buffer overflow flaw was found in the Gopher relay parser. This bug\ncould allow a remote Gopher server to crash the Squid proxy that reads\ndata from it. Although Gopher servers are now quite rare, a malicious\nwebpage (for example) could redirect or contain a frame pointing to an\nattacker's malicious gopher server. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CVE-2005-0094\nto this issue.\n\nAn integer overflow flaw was found in the WCCP message parser. It is\npossible to crash the Squid server if an attacker is able to send a\nmalformed WCCP message with a spoofed source address matching Squid's\n'home router'. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2005-0095 to this issue.\n\nA memory leak was found in the NTLM fakeauth_auth helper. It is\npossible that an attacker could place the Squid server under high\nload, causing the NTML fakeauth_auth helper to consume a large amount\nof memory, resulting in a denial of service. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-0096 to this issue.\n\nA NULL pointer de-reference bug was found in the NTLM fakeauth_auth\nhelper. It is possible for an attacker to send a malformed NTLM type 3\nmessage, causing the Squid server to crash. The Common Vulnerabilities\nand Exposures project (cve.mitre.org) has assigned the name\nCVE-2005-0097 to this issue.\n\nA username validation bug was found in squid_ldap_auth. It is possible\nfor a username to be padded with spaces, which could allow a user to\nbypass explicit access control rules or confuse accounting. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-0173 to this issue.\n\nThe way Squid handles HTTP responses was found to need strengthening.\nIt is possible that a malicious Web server could send a series of HTTP\nresponses in such a way that the Squid cache could be poisoned,\npresenting users with incorrect webpages. The Common Vulnerabilities\nand Exposures project (cve.mitre.org) has assigned the names\nCVE-2005-0174 and CVE-2005-0175 to these issues.\n\nA bug was found in the way Squid handled oversized HTTP response\nheaders. It is possible that a malicious Web server could send a\nspecially crafted HTTP header which could cause the Squid cache to be\npoisoned, presenting users with incorrect webpages. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-0241 to this issue.\n\nA buffer overflow bug was found in the WCCP message parser. It is\npossible that an attacker could send a malformed WCCP message which\ncould crash the Squid server or execute arbitrary code. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-0211 to this issue.\n\nUsers of Squid should upgrade to this updated package, which contains\nbackported patches, and is not vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0173\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.squid-cache.org/Advisories/SQUID-2005_1.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.squid-cache.org/Advisories/SQUID-2005_2.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.squid-cache.org/Advisories/SQUID-2005_3.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.squid-cache.org/Versions/v2/2.5/bugs/#\"\n );\n # http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?96864d1c\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:060\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected squid package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:squid\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:060\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"squid-2.5.STABLE6-3.4E.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"squid\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-01T04:59:02", "bulletinFamily": "scanner", "description": "According to its version number, the remote Squid caching proxy is\naffected by several security flaws :\n\n - There is a buffer overflow when handling the reply of a\n rogue gopher site. (CVE-2005-0094)\n\n - There is a denial of service vulnerability in the WCCP\n code of the remote proxy. (CVE-2005-0095)\n\n - There is a buffer overflow in the WCCP code that may\n allow an attacker to execute arbitrary code on the\n remote host. (CVE-2005-0211)\n\n - There is a flaw in the ", "modified": "2020-08-02T00:00:00", "id": "SQUID_WCCP_AND_GOPHER_FLAWS.NASL", "href": "https://www.tenable.com/plugins/nessus/16190", "published": "2005-01-18T00:00:00", "title": "Squid < 2.5.STABLE8 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(16190);\n script_version(\"1.23\");\n script_cvs_date(\"Date: 2018/07/30 15:31:32\");\n\n script_cve_id(\"CVE-2005-0094\", \"CVE-2005-0095\", \"CVE-2005-0173\", \"CVE-2005-0174\", \"CVE-2005-0175\", \"CVE-2005-0211\", \"CVE-2005-0241\");\n script_bugtraq_id(12275, 12276, 12412, 12433, 12432, 12431, 13434, 13435);\n\n script_name(english:\"Squid < 2.5.STABLE8 Multiple Vulnerabilities\");\n script_summary(english:\"Determines squid version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote proxy server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the remote Squid caching proxy is\naffected by several security flaws :\n\n - There is a buffer overflow when handling the reply of a\n rogue gopher site. (CVE-2005-0094)\n\n - There is a denial of service vulnerability in the WCCP\n code of the remote proxy. (CVE-2005-0095)\n\n - There is a buffer overflow in the WCCP code that may\n allow an attacker to execute arbitrary code on the\n remote host. (CVE-2005-0211)\n\n - There is a flaw in the 'squid_ldap_auth' module that may\n allow an attacker to bypass authentication and to gain\n access to the remote proxy. (CVE-2005-0173)\n\n - There is a flaw in the way Squid parses HTTP reply\n headers. (CVE-2005-0241)\n\n - There is a weakness that may allow for cache poisoning\n via\n HTTP response splitting. (CVE-2005-0175)\n\n - There is a weakness that may allow for cache poisoning\n via\n crafted malformed headers. (CVE-2005-0174)\n\nNote that this may be a false-positive given the way the Squid team\nhandles releases. Make sure that all the appropriate patches have been\napplied.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.squid-cache.org/Versions/v2/2.5/bugs/\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Squid 2.5.STABLE8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/01/18\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:squid-cache:squid\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Firewalls\");\n\n script_dependencie(\"squid_version.nasl\");\n script_require_keys(\"www/squid\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/http_proxy\", 3128, 8080);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# Build a list of ports from the\nlist = get_kb_list(\"http_proxy/*/squid/version\");\nif (isnull(list)) exit(0, \"The host does not appear to be running a Squid proxy server.\");\n\nvulnerable = FALSE;\nforeach item (keys(list))\n{\n port = ereg_replace(pattern:'^http_proxy/([0-9]+)/squid/version', replace:'\\\\1', string:item);\n version = list[item];\n source = get_kb_item('http_proxy/'+port+'/squid/source');\n\n if (\n version =~ '^2\\\\.[0-4]\\\\.' ||\n version =~ '^2\\\\.5\\\\.STABLE[0-7]([^0-9]|$)'\n )\n {\n vulnerable = TRUE;\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 2.5.STABLE8' + '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port:port);\n }\n}\nif (!vulnerable)\n{\n exit(0, \"No vulnerable Squid installs were detected on the remote host.\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-01T05:40:28", "bulletinFamily": "scanner", "description": "infamous41md discovered several Denial of Service vulnerabilities in\nsquid.\n\nA malicious Gopher server could crash squid by sending a line bigger\nthan 4096 bytes. (CAN-2005-0094)\n\nIf squid is configured to send WCPP (Web Cache Communication Protocol)\nmessages to a ", "modified": "2020-08-02T00:00:00", "id": "UBUNTU_USN-67-1.NASL", "href": "https://www.tenable.com/plugins/nessus/20687", "published": "2006-01-15T00:00:00", "title": "Ubuntu 4.10 : squid vulnerabilities (USN-67-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-67-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20687);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:33:00\");\n\n script_cve_id(\"CVE-2005-0094\", \"CVE-2005-0095\", \"CVE-2005-0096\", \"CVE-2005-0097\");\n script_xref(name:\"USN\", value:\"67-1\");\n\n script_name(english:\"Ubuntu 4.10 : squid vulnerabilities (USN-67-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"infamous41md discovered several Denial of Service vulnerabilities in\nsquid.\n\nA malicious Gopher server could crash squid by sending a line bigger\nthan 4096 bytes. (CAN-2005-0094)\n\nIf squid is configured to send WCPP (Web Cache Communication Protocol)\nmessages to a 'home router', an attacker who was able to send UDP\npackets with a forged source address of this router could crash the\n\nerver with a specially crafted WCPP message. (CAN-2005-0095)\n\nPrevious versions of squid have a memory leak which gradually cause\nmemory exhaustion and eventual termination. (CAN-2005-0096)\n\nA remote attacker could crash the server by sending a specially\ncrafted NTLM type 3 packet. (CAN-2005-0097).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:squid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:squid-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:squid-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:squidclient\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"squid\", pkgver:\"2.5.5-6ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"squid-cgi\", pkgver:\"2.5.5-6ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"squid-common\", pkgver:\"2.5.5-6ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"squidclient\", pkgver:\"2.5.5-6ubuntu0.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"squid / squid-cgi / squid-common / squidclient\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-08-01T02:25:16", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200501-25\n(Squid: Multiple vulnerabilities)\n\n Squid contains a vulnerability in the gopherToHTML function\n (CAN-2005-0094) and incorrectly checks the ", "modified": "2020-08-02T00:00:00", "id": "GENTOO_GLSA-200501-25.NASL", "href": "https://www.tenable.com/plugins/nessus/16416", "published": "2005-02-14T00:00:00", "title": "GLSA-200501-25 : Squid: Multiple vulnerabilities", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200501-25.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(16416);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/08/02 13:32:42\");\n\n script_cve_id(\"CVE-2005-0094\", \"CVE-2005-0095\", \"CVE-2005-0096\", \"CVE-2005-0097\", \"CVE-2005-0194\");\n script_xref(name:\"GLSA\", value:\"200501-25\");\n\n script_name(english:\"GLSA-200501-25 : Squid: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200501-25\n(Squid: Multiple vulnerabilities)\n\n Squid contains a vulnerability in the gopherToHTML function\n (CAN-2005-0094) and incorrectly checks the 'number of caches' field\n when parsing WCCP_I_SEE_YOU messages (CAN-2005-0095). Furthermore the\n NTLM code contains two errors. One is a memory leak in the\n fakeauth_auth helper (CAN-2005-0096) and the other is a NULL pointer\n dereferencing error (CAN-2005-0097). Finally Squid also contains an\n error in the ACL parsing code (CAN-2005-0194).\n \nImpact :\n\n With the WCCP issue an attacker could cause denial of service by\n sending a specially crafted UDP packet. With the Gopher issue an\n attacker might be able to execute arbitrary code by enticing a user to\n connect to a malicious Gopher server. The NTLM issues could lead to\n denial of service by memory consumption or by crashing Squid. The ACL\n issue could lead to ACL bypass.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # http://secunia.com/advisories/13825/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://secuniaresearch.flexerasoftware.com/advisories/13825/\"\n );\n # http://secunia.com/advisories/13789/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://secuniaresearch.flexerasoftware.com/advisories/13789/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200501-25\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Squid users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-proxy/squid-2.5.7-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:squid\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-proxy/squid\", unaffected:make_list(\"ge 2.5.7-r2\"), vulnerable:make_list(\"lt 2.5.7-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Squid\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-01T05:40:29", "bulletinFamily": "scanner", "description": "A possible authentication bypass was discovered in the LDAP\nauthentication backend. LDAP ignores leading and trailing whitespace\nin search filters. This could possibly be abused to bypass explicit\naccess controls or confuse accounting when using several variants of\nthe login name. (CAN-2005-0173)\n\nPrevious Squid versions were not strict enough while parsing HTTP\nrequests and responses. Various violations of the HTTP protocol, such\nas multiple Content-Length header lines, invalid ", "modified": "2020-08-02T00:00:00", "id": "UBUNTU_USN-77-1.NASL", "href": "https://www.tenable.com/plugins/nessus/20699", "published": "2006-01-15T00:00:00", "title": "Ubuntu 4.10 : squid vulnerabilities (USN-77-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-77-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20699);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:33:00\");\n\n script_cve_id(\"CVE-2005-0173\", \"CVE-2005-0174\", \"CVE-2005-0175\", \"CVE-2005-0211\");\n script_xref(name:\"USN\", value:\"77-1\");\n\n script_name(english:\"Ubuntu 4.10 : squid vulnerabilities (USN-77-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A possible authentication bypass was discovered in the LDAP\nauthentication backend. LDAP ignores leading and trailing whitespace\nin search filters. This could possibly be abused to bypass explicit\naccess controls or confuse accounting when using several variants of\nthe login name. (CAN-2005-0173)\n\nPrevious Squid versions were not strict enough while parsing HTTP\nrequests and responses. Various violations of the HTTP protocol, such\nas multiple Content-Length header lines, invalid 'Carriage Return'\ncharacters, and HTTP header names containing whitespace, led to cache\npollution and could possibly be exploited to deliver wrong content to\nclients. (CAN-2005-0174)\n\nSquid was susceptible to a cache poisoning attack called 'HTTP\nresponse splitting', where false replies are injected in the HTTP\nstream. This allowed malicious web servers to forge wrong cache\ncontent for arbitrary websites, which was then delivered to Squid\nclients. (CAN-2005-0175)\n\nThe FSC Vulnerability Research Team discovered a buffer overflow in\nthe WCCP handling protocol. By sending an overly large WCCP packet, a\nremote attacker could crash the Squid server, and possibly even\nexecute arbitrary code with the privileges of the 'proxy' user.\n(CAN-2005-0211).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:squid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:squid-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:squid-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:squidclient\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"squid\", pkgver:\"2.5.5-6ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"squid-cgi\", pkgver:\"2.5.5-6ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"squid-common\", pkgver:\"2.5.5-6ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"squidclient\", pkgver:\"2.5.5-6ubuntu0.4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"squid / squid-cgi / squid-common / squidclient\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-01T01:32:50", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in Squid, the internet\nobject cache, the popular WWW proxy cache. The Common Vulnerabilities\nand Exposures project identifies the following vulnerabilities :\n\n - CAN-2005-0173\n LDAP is very forgiving about spaces in search filters\n and this could be abused to log in using several\n variants of the login name, possibly bypassing explicit\n access controls or confusing accounting.\n\n - CAN-2005-0175\n\n Cache pollution/poisoning via HTTP response splitting\n has been discovered.\n\n - CAN-2005-0194\n\n The meaning of the access controls becomes somewhat\n confusing if any of the referenced ACLs (access control\n lists) is declared empty, without any members.\n\n - CAN-2005-0211\n\n The length argument of the WCCP recvfrom() call is\n larger than it should be. An attacker may send a larger\n than normal WCCP packet that could overflow a buffer.", "modified": "2020-08-02T00:00:00", "id": "DEBIAN_DSA-667.NASL", "href": "https://www.tenable.com/plugins/nessus/16341", "published": "2005-02-10T00:00:00", "title": "Debian DSA-667-1 : squid - several vulnerabilities", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-667. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(16341);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2019/08/02 13:32:18\");\n\n script_cve_id(\"CVE-2005-0173\", \"CVE-2005-0174\", \"CVE-2005-0175\", \"CVE-2005-0194\", \"CVE-2005-0211\");\n script_xref(name:\"CERT\", value:\"625878\");\n script_xref(name:\"CERT\", value:\"886006\");\n script_xref(name:\"CERT\", value:\"924198\");\n script_xref(name:\"DSA\", value:\"667\");\n\n script_name(english:\"Debian DSA-667-1 : squid - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in Squid, the internet\nobject cache, the popular WWW proxy cache. The Common Vulnerabilities\nand Exposures project identifies the following vulnerabilities :\n\n - CAN-2005-0173\n LDAP is very forgiving about spaces in search filters\n and this could be abused to log in using several\n variants of the login name, possibly bypassing explicit\n access controls or confusing accounting.\n\n - CAN-2005-0175\n\n Cache pollution/poisoning via HTTP response splitting\n has been discovered.\n\n - CAN-2005-0194\n\n The meaning of the access controls becomes somewhat\n confusing if any of the referenced ACLs (access control\n lists) is declared empty, without any members.\n\n - CAN-2005-0211\n\n The length argument of the WCCP recvfrom() call is\n larger than it should be. An attacker may send a larger\n than normal WCCP packet that could overflow a buffer.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-667\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the squid package.\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 2.4.6-2woody6.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squid\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/10\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/12/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"squid\", reference:\"2.4.6-2woody6\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"squid-cgi\", reference:\"2.4.6-2woody6\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"squidclient\", reference:\"2.4.6-2woody6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-01T02:25:16", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200502-04\n(Squid: Multiple vulnerabilities)\n\n Squid contains several vulnerabilities:\n Buffer overflow when handling WCCP recvfrom()\n (CAN-2005-0211).\n Loose checking of HTTP headers (CAN-2005-0173 and\n CAN-2005-0174).\n Incorrect handling of LDAP login names with spaces\n (CAN-2005-0175).\n \nImpact :\n\n An attacker could exploit:\n the WCCP buffer overflow to cause Denial of Service.\n the HTTP header parsing vulnerabilities to inject arbitrary\n response data, potentially leading to content spoofing, web cache\n poisoning and other cross-site scripting or HTTP response splitting\n attacks.\n the LDAP issue to login with several variations of the same login\n name, leading to log poisoning.\n \nWorkaround :\n\n There is no known workaround at this time.", "modified": "2020-08-02T00:00:00", "id": "GENTOO_GLSA-200502-04.NASL", "href": "https://www.tenable.com/plugins/nessus/16441", "published": "2005-02-14T00:00:00", "title": "GLSA-200502-04 : Squid: Multiple vulnerabilities", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200502-04.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(16441);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:32:42\");\n\n script_cve_id(\"CVE-2005-0173\", \"CVE-2005-0174\", \"CVE-2005-0175\", \"CVE-2005-0211\");\n script_xref(name:\"GLSA\", value:\"200502-04\");\n\n script_name(english:\"GLSA-200502-04 : Squid: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200502-04\n(Squid: Multiple vulnerabilities)\n\n Squid contains several vulnerabilities:\n Buffer overflow when handling WCCP recvfrom()\n (CAN-2005-0211).\n Loose checking of HTTP headers (CAN-2005-0173 and\n CAN-2005-0174).\n Incorrect handling of LDAP login names with spaces\n (CAN-2005-0175).\n \nImpact :\n\n An attacker could exploit:\n the WCCP buffer overflow to cause Denial of Service.\n the HTTP header parsing vulnerabilities to inject arbitrary\n response data, potentially leading to content spoofing, web cache\n poisoning and other cross-site scripting or HTTP response splitting\n attacks.\n the LDAP issue to login with several variations of the same login\n name, leading to log poisoning.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200502-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Squid users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-proxy/squid-2.5.7-r5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:squid\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-proxy/squid\", unaffected:make_list(\"ge 2.5.7-r5\"), vulnerable:make_list(\"lt 2.5.7-r5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Squid\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-01T03:22:44", "bulletinFamily": "scanner", "description": "More vulnerabilities were discovered in the squid server :\n\nThe LDAP handling of search filters was inadequate which could be\nabused to allow logins using severial variants of a single login name,\npossibly bypassing explicit access controls (CVE-2005-0173).\n\nMinor problems in the HTTP header parsing code that could be used for\ncache poisoning (CVE-2005-0174 and CVE-2005-0175).\n\nA buffer overflow in the WCCP handling code allowed remote attackers\nto cause a Denial of Service and could potentially allow for the\nexecution of arbitrary code by using a long WCCP packet.\n\nThe updated packages have been patched to prevent these problems.", "modified": "2020-08-02T00:00:00", "id": "MANDRAKE_MDKSA-2005-034.NASL", "href": "https://www.tenable.com/plugins/nessus/16377", "published": "2005-02-11T00:00:00", "title": "Mandrake Linux Security Advisory : squid (MDKSA-2005:034)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:034. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(16377);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2019/08/02 13:32:47\");\n\n script_cve_id(\"CVE-2005-0173\", \"CVE-2005-0174\", \"CVE-2005-0175\", \"CVE-2005-0211\");\n script_xref(name:\"MDKSA\", value:\"2005:034\");\n\n script_name(english:\"Mandrake Linux Security Advisory : squid (MDKSA-2005:034)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandrake Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"More vulnerabilities were discovered in the squid server :\n\nThe LDAP handling of search filters was inadequate which could be\nabused to allow logins using severial variants of a single login name,\npossibly bypassing explicit access controls (CVE-2005-0173).\n\nMinor problems in the HTTP header parsing code that could be used for\ncache poisoning (CVE-2005-0174 and CVE-2005-0175).\n\nA buffer overflow in the WCCP handling code allowed remote attackers\nto cause a Denial of Service and could potentially allow for the\nexecution of arbitrary code by using a long WCCP packet.\n\nThe updated packages have been patched to prevent these problems.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.squid-cache.org/Advisories/SQUID-2005_3.txt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected squid package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squid\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", reference:\"squid-2.5.STABLE4-2.4.100mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.1\", reference:\"squid-2.5.STABLE6-2.3.101mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.2\", reference:\"squid-2.5.STABLE3-3.6.92mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:57", "bulletinFamily": "unix", "description": "Squid is a full-featured Web proxy cache.\n\nA buffer overflow flaw was found in the Gopher relay parser. This bug\ncould allow a remote Gopher server to crash the Squid proxy that reads data\nfrom it. Although Gopher servers are now quite rare, a malicious webpage\n(for example) could redirect or contain a frame pointing to an attacker's\nmalicious gopher server. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2005-0094 to this issue.\n\nAn integer overflow flaw was found in the WCCP message parser. It is\npossible to crash the Squid server if an attacker is able to send a\nmalformed WCCP message with a spoofed source address matching Squid's\n\"home router\". The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2005-0095 to this issue.\n\nA memory leak was found in the NTLM fakeauth_auth helper. It is possible\nthat an attacker could place the Squid server under high load, causing the\nNTML fakeauth_auth helper to consume a large amount of memory, resulting in\na denial of service. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2005-0096 to this issue.\n\nA NULL pointer de-reference bug was found in the NTLM fakeauth_auth helper.\nIt is possible for an attacker to send a malformed NTLM type 3 message,\ncausing the Squid server to crash. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2005-0097 to\nthis issue.\n\nA username validation bug was found in squid_ldap_auth. It is possible for\na username to be padded with spaces, which could allow a user to bypass\nexplicit access control rules or confuse accounting. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2005-0173 to this issue.\n\nThe way Squid handles HTTP responses was found to need strengthening. It is\npossible that a malicious Web server could send a series of HTTP responses\nin such a way that the Squid cache could be poisoned, presenting users with\nincorrect webpages. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the names CAN-2005-0174 and CAN-2005-0175 to\nthese issues.\n\nA bug was found in the way Squid handled oversized HTTP response headers.\nIt is possible that a malicious Web server could send a specially crafted\nHTTP header which could cause the Squid cache to be poisoned, presenting\nusers with incorrect webpages. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CAN-2005-0241 to this issue.\n\nA buffer overflow bug was found in the WCCP message parser. It is possible\nthat an attacker could send a malformed WCCP message which could crash the\nSquid server or execute arbitrary code. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2005-0211\nto this issue.\n\nUsers of Squid should upgrade to this updated package, which contains\nbackported patches, and is not vulnerable to these issues.", "modified": "2017-09-08T12:11:54", "published": "2005-02-15T05:00:00", "id": "RHSA-2005:060", "href": "https://access.redhat.com/errata/RHSA-2005:060", "type": "redhat", "title": "(RHSA-2005:060) squid security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:47:15", "bulletinFamily": "unix", "description": "Squid is a full-featured Web proxy cache.\n\nA buffer overflow flaw was found in the Gopher relay parser. This bug\ncould allow a remote Gopher server to crash the Squid proxy that reads data\nfrom it. Although Gopher servers are now quite rare, a malicious web page\n(for example) could redirect or contain a frame pointing to an attacker's\nmalicious gopher server. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2005-0094 to this issue.\n\nAn integer overflow flaw was found in the WCCP message parser. It is\npossible to crash the Squid server if an attacker is able to send a\nmalformed WCCP message with a spoofed source address matching Squid's\n\"home router\". The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2005-0095 to this issue.\n\nA memory leak was found in the NTLM fakeauth_auth helper. It is possible\nthat an attacker could place the Squid server under high load, causing the\nNTML fakeauth_auth helper to consume a large amount of memory, resulting in\na denial of service. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2005-0096 to this issue.\n\nA NULL pointer de-reference bug was found in the NTLM fakeauth_auth helper.\nIt is possible for an attacker to send a malformed NTLM type 3 message,\ncausing the Squid server to crash. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2005-0097 to\nthis issue.\n\nA username validation bug was found in squid_ldap_auth. It is possible for\na username to be padded with spaces, which could allow a user to bypass\nexplicit access control rules or confuse accounting. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2005-0173 to this issue.\n\nThe way Squid handles HTTP responses was found to need strengthening. It is\npossible that a malicious web server could send a series of HTTP responses\nin such a way that the Squid cache could be poisoned, presenting users with\nincorrect webpages. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the names CAN-2005-0174 and CAN-2005-0175 to\nthese issues.\n\nA bug was found in the way Squid handled oversized HTTP response headers.\nIt is possible that a malicious web server could send a specially crafted\nHTTP header which could cause the Squid cache to be poisoned, presenting\nusers with incorrect webpages. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CAN-2005-0241 to this issue.\n\nA buffer overflow bug was found in the WCCP message parser. It is possible\nthat an attacker could send a malformed WCCP message which could crash the\nSquid server or execute arbitrary code. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2005-0211\nto this issue.\n\nUsers of Squid should upgrade to this updated package, which contains\nbackported patches, and is not vulnerable to these issues.", "modified": "2019-03-22T23:43:19", "published": "2005-02-11T05:00:00", "id": "RHSA-2005:061", "href": "https://access.redhat.com/errata/RHSA-2005:061", "type": "redhat", "title": "(RHSA-2005:061) squid security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-07-24T12:50:02", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200501-25.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=54811", "id": "OPENVAS:54811", "title": "Gentoo Security Advisory GLSA 200501-25 (squid)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Squid contains vulnerabilities in the the code handling NTLM (NT Lan\nManager), Gopher to HTML, ACLs and WCCP (Web Cache Communication Protocol)\nwhich could lead to ACL bypass, denial of service and arbitrary code\nexecution.\";\ntag_solution = \"All Squid users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-proxy/squid-2.5.7-r2'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200501-25\nhttp://bugs.gentoo.org/show_bug.cgi?id=77934\nhttp://bugs.gentoo.org/show_bug.cgi?id=77521\nhttp://secunia.com/advisories/13825/\nhttp://secunia.com/advisories/13789/\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200501-25.\";\n\n \n\nif(description)\n{\n script_id(54811);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2005-0094\", \"CVE-2005-0095\", \"CVE-2005-0096\", \"CVE-2005-0097\", \"CVE-2005-0194\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200501-25 (squid)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-proxy/squid\", unaffected: make_list(\"ge 2.5.7-r2\"), vulnerable: make_list(\"lt 2.5.7-r2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:48", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n squid\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5013151 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065099", "id": "OPENVAS:136141256231065099", "title": "SLES9: Security update for squid", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5013151.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for squid\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n squid\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5013151 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65099\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-0094\", \"CVE-2005-0095\", \"CVE-2005-0096\", \"CVE-2005-0097\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES9: Security update for squid\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"squid\", rpm:\"squid~2.5.STABLE5~42.24\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:23", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n squid\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5013151 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65099", "id": "OPENVAS:65099", "title": "SLES9: Security update for squid", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5013151.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for squid\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n squid\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5013151 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65099);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-0094\", \"CVE-2005-0095\", \"CVE-2005-0096\", \"CVE-2005-0097\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES9: Security update for squid\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"squid\", rpm:\"squid~2.5.STABLE5~42.24\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:54", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200502-04.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=54836", "id": "OPENVAS:54836", "title": "Gentoo Security Advisory GLSA 200502-04 (squid)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Squid contains vulnerabilities in the code handling WCCP, HTTP and LDAP\nwhich could lead to Denial of Service, access control bypass, web cache\nand log poisoning.\";\ntag_solution = \"All Squid users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-proxy/squid-2.5.7-r5'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200502-04\nhttp://bugs.gentoo.org/show_bug.cgi?id=79495\nhttp://bugs.gentoo.org/show_bug.cgi?id=78776\nhttp://bugs.gentoo.org/show_bug.cgi?id=80201\nhttp://bugs.gentoo.org/show_bug.cgi?id=80341\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200502-04.\";\n\n \n\nif(description)\n{\n script_id(54836);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2005-0173\", \"CVE-2005-0174\", \"CVE-2005-0175\", \"CVE-2005-0211\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200502-04 (squid)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-proxy/squid\", unaffected: make_list(\"ge 2.5.7-r5\"), vulnerable: make_list(\"lt 2.5.7-r5\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:42", "bulletinFamily": "scanner", "description": "The remote host is missing an update to postgresql\nannounced via advisory DSA 667-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53497", "id": "OPENVAS:53497", "title": "Debian Security Advisory DSA 667-1 (postgresql)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_667_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 667-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"John Heasman and others discovered a bug in the PostgreSQL engine\nwhich would allow any user load an arbitrary local library into it.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 7.2.1-2woody7.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 7.4.7-1.\n\nWe recommend that you upgrade your postgresql packages.\";\ntag_summary = \"The remote host is missing an update to postgresql\nannounced via advisory DSA 667-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20667-1\";\n\nif(description)\n{\n script_id(53497);\n script_cve_id(\"CVE-2005-0173\",\"CVE-2005-0175\",\"CVE-2005-0194\",\"CVE-2005-0211\");\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:56:38 +0100 (Thu, 17 Jan 2008)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 667-1 (postgresql)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"7.2.1-2woody7\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg3\", ver:\"7.2.1-2woody7\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpgperl\", ver:\"7.2.1-2woody7\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpgsql2\", ver:\"7.2.1-2woody7\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpgtcl\", ver:\"7.2.1-2woody7\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"odbc-postgresql\", ver:\"7.2.1-2woody7\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pgaccess\", ver:\"7.2.1-2woody7\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"7.2.1-2woody7\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"7.2.1-2woody7\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"7.2.1-2woody7\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-dev\", ver:\"7.2.1-2woody7\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-pygresql\", ver:\"7.2.1-2woody7\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:38", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n squid\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5015273 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065569", "id": "OPENVAS:136141256231065569", "title": "SLES9: Security update for squid", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5015273.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for squid\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n squid\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5015273 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65569\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-0211\", \"CVE-2005-0241\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for squid\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"squid\", rpm:\"squid~2.5.STABLE5~42.27\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:56:00", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n squid\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5015273 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65569", "id": "OPENVAS:65569", "title": "SLES9: Security update for squid", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5015273.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for squid\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n squid\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5015273 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65569);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-0211\", \"CVE-2005-0241\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for squid\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"squid\", rpm:\"squid~2.5.STABLE5~42.27\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:46", "bulletinFamily": "scanner", "description": "The remote host is missing an update to squid\nannounced via advisory DSA 651-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53482", "id": "OPENVAS:53482", "title": "Debian Security Advisory DSA 651-1 (squid)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_651_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 651-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in Squid, the internet\nobject cache, the popular WWW proxy cache. The Common Vulnerabilities\nand Exposures Project identifies the following vulnerabilities:\n\nCVE-2005-0094\n\ninfamous41md discovered a buffer overflow in the parser for\nGopher responses which will lead to memory corruption and usually\ncrash Squid.\n\nCVE-2005-0095\n\ninfamous41md discovered an integer overflow in the receiver of\nWCCP (Web Cache Communication Protocol) messages. An attacker\ncould send a specially crafted UDP datagram that will cause Squid\nto crash.\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 2.4.6-2woody5.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 2.5.7-4.\n\nWe recommend that you upgrade your squid package.\";\ntag_summary = \"The remote host is missing an update to squid\nannounced via advisory DSA 651-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20651-1\";\n\nif(description)\n{\n script_id(53482);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:56:38 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-0094\", \"CVE-2005-0095\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 651-1 (squid)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"squid\", ver:\"2.4.6-2woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squid-cgi\", ver:\"2.4.6-2woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squidclient\", ver:\"2.4.6-2woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:15", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-30T00:00:00", "published": "2008-09-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53003", "id": "OPENVAS:53003", "title": "FreeBSD Ports: squid", "type": "openvas", "sourceData": "#\n#VID 5bf1a715-cc57-440f-b0a5-6406961c54a7\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: squid\n\nCVE-2005-0446\nSquid 2.5.STABLE8 and earlier allows remote attackers to cause a\ndenial of service (crash) via certain DNS responses regarding (1)\nFully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses\nin ipcache.c, which trigger an assertion failure.\n\nCVE-2005-0096\nMemory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and\nearlier allows remote attackers to cause a denial of service (memory\nconsumption).\n\nCVE-2005-0097\nThe NTLM component in Squid 2.5.STABLE7 and earlier allows remote\nattackers to cause a denial of service (crash) via a malformed NTLM\ntype 3 message that triggers a NULL dereference.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert\nhttp://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth\nhttp://www.vuxml.org/freebsd/5bf1a715-cc57-440f-b0a5-6406961c54a7.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(53003);\n script_version(\"$Revision: 4188 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-30 07:56:47 +0200 (Fri, 30 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2005-0446\", \"CVE-2005-0096\", \"CVE-2005-0097\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: squid\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"squid\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.5.9\")<0) {\n txt += 'Package squid version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:17", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-30T00:00:00", "published": "2008-09-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=52196", "id": "OPENVAS:52196", "title": "FreeBSD Ports: squid", "type": "openvas", "sourceData": "#\n#VID bfda39de-7467-11d9-9e1e-c296ac722cb3\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: squid\n\nCVE-2005-0241\nThe httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7\nand earlier does not properly set the debug context when it is\nhandling 'oversized' HTTP reply headers, which might allow remote\nattackers to poison the cache or bypass access controls based on\nheader size.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.squid-cache.org/bugs/show_bug.cgi?id=1216\nhttp://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch\nhttp://www.vuxml.org/freebsd/bfda39de-7467-11d9-9e1e-c296ac722cb3.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52196);\n script_version(\"$Revision: 4188 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-30 07:56:47 +0200 (Fri, 30 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_bugtraq_id(12412);\n script_cve_id(\"CVE-2005-0241\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"FreeBSD Ports: squid\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"squid\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.5.7_12\")<0) {\n txt += 'Package squid version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "ubuntu": [{"lastseen": "2020-07-09T17:37:18", "bulletinFamily": "unix", "description": "infamous41md discovered several Denial of Service vulnerabilities in \nsquid.\n\nA malicious Gopher server could crash squid by sending a line bigger \nthan 4096 bytes. (CAN-2005-0094)\n\nIf squid is configured to send WCPP (Web Cache Communication Protocol) \nmessages to a \"home router\", an attacker who was able to send UDP \npackets with a forged source address of this router could crash the\n\nerver with a specially crafted WCPP message. (CAN-2005-0095)\n\nPrevious versions of squid have a memory leak which gradually cause \nmemory exhaustion and eventual termination. (CAN-2005-0096)\n\nA remote attacker could crash the server by sending a specially \ncrafted NTLM type 3 packet. (CAN-2005-0097)", "modified": "2005-01-21T00:00:00", "published": "2005-01-21T00:00:00", "id": "USN-67-1", "href": "https://ubuntu.com/security/notices/USN-67-1", "title": "Squid vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-09T17:34:31", "bulletinFamily": "unix", "description": "A possible authentication bypass was discovered in the LDAP \nauthentication backend. LDAP ignores leading and trailing whitespace \nin search filters. This could possibly be abused to bypass explicit \naccess controls or confuse accounting when using several variants of \nthe login name. (CAN-2005-0173)\n\nPrevious Squid versions were not strict enough while parsing HTTP \nrequests and responses. Various violations of the HTTP protocol, such \nas multiple Content-Length header lines, invalid \"Carriage Return\" \ncharacters, and HTTP header names containing whitespace, led to cache \npollution and could possibly be exploited to deliver wrong content to \nclients. (CAN-2005-0174)\n\nSquid was susceptible to a cache poisoning attack called \"HTTP \nresponse splitting\", where false replies are injected in the HTTP \nstream. This allowed malicious web servers to forge wrong cache \ncontent for arbitrary web sites, which was then delivered to Squid \nclients. (CAN-2005-0175)\n\nThe FSC Vulnerability Research Team discovered a buffer overflow in \nthe WCCP handling protocol. By sending an overly large WCCP packet, a \nremote attacker could crash the Squid server, and possibly even \nexecute arbitrary code with the privileges of the \"proxy\" user. \n(CAN-2005-0211)", "modified": "2005-02-08T00:00:00", "published": "2005-02-08T00:00:00", "id": "USN-77-1", "href": "https://ubuntu.com/security/notices/USN-77-1", "title": "Squid vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:46", "bulletinFamily": "unix", "description": "### Background\n\nSquid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. \n\n### Description\n\nSquid contains a vulnerability in the gopherToHTML function (CAN-2005-0094) and incorrectly checks the 'number of caches' field when parsing WCCP_I_SEE_YOU messages (CAN-2005-0095). Furthermore the NTLM code contains two errors. One is a memory leak in the fakeauth_auth helper (CAN-2005-0096) and the other is a NULL pointer dereferencing error (CAN-2005-0097). Finally Squid also contains an error in the ACL parsing code (CAN-2005-0194). \n\n### Impact\n\nWith the WCCP issue an attacker could cause denial of service by sending a specially crafted UDP packet. With the Gopher issue an attacker might be able to execute arbitrary code by enticing a user to connect to a malicious Gopher server. The NTLM issues could lead to denial of service by memory consumption or by crashing Squid. The ACL issue could lead to ACL bypass. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Squid users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-proxy/squid-2.5.7-r2\"", "modified": "2005-02-07T00:00:00", "published": "2005-01-16T00:00:00", "id": "GLSA-200501-25", "href": "https://security.gentoo.org/glsa/200501-25", "type": "gentoo", "title": "Squid: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:43", "bulletinFamily": "unix", "description": "### Background\n\nSquid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other protocols, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. \n\n### Description\n\nSquid contains several vulnerabilities: \n\n * Buffer overflow when handling WCCP recvfrom() (CAN-2005-0211).\n * Loose checking of HTTP headers (CAN-2005-0173 and CAN-2005-0174).\n * Incorrect handling of LDAP login names with spaces (CAN-2005-0175).\n\n### Impact\n\nAn attacker could exploit: \n\n * the WCCP buffer overflow to cause Denial of Service.\n * the HTTP header parsing vulnerabilities to inject arbitrary response data, potentially leading to content spoofing, web cache poisoning and other cross-site scripting or HTTP response splitting attacks.\n * the LDAP issue to login with several variations of the same login name, leading to log poisoning.\n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Squid users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-proxy/squid-2.5.7-r5\"", "modified": "2005-02-02T00:00:00", "published": "2005-02-02T00:00:00", "id": "GLSA-200502-04", "href": "https://security.gentoo.org/glsa/200502-04", "type": "gentoo", "title": "Squid: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2019-05-29T18:08:13", "bulletinFamily": "NVD", "description": "The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference.", "modified": "2017-10-11T01:29:00", "id": "CVE-2005-0097", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0097", "published": "2005-01-11T05:00:00", "title": "CVE-2005-0097", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:08:13", "bulletinFamily": "NVD", "description": "Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption).", "modified": "2017-10-11T01:29:00", "id": "CVE-2005-0096", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0096", "published": "2005-01-25T05:00:00", "title": "CVE-2005-0096", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:08:13", "bulletinFamily": "NVD", "description": "The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling \"oversized\" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.", "modified": "2017-10-11T01:29:00", "id": "CVE-2005-0241", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0241", "published": "2005-05-02T04:00:00", "title": "CVE-2005-0241", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:08:13", "bulletinFamily": "NVD", "description": "The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers.", "modified": "2017-10-11T01:29:00", "id": "CVE-2005-0095", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0095", "published": "2005-01-15T05:00:00", "title": "CVE-2005-0095", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:08:13", "bulletinFamily": "NVD", "description": "Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses.", "modified": "2017-10-11T01:29:00", "id": "CVE-2005-0094", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0094", "published": "2005-01-15T05:00:00", "title": "CVE-2005-0094", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:08:13", "bulletinFamily": "NVD", "description": "Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters.", "modified": "2017-10-11T01:29:00", "id": "CVE-2005-0174", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0174", "published": "2005-02-07T05:00:00", "title": "CVE-2005-0174", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:08:13", "bulletinFamily": "NVD", "description": "squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.", "modified": "2017-10-11T01:29:00", "id": "CVE-2005-0173", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0173", "published": "2005-05-02T04:00:00", "title": "CVE-2005-0173", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:08:13", "bulletinFamily": "NVD", "description": "Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack.", "modified": "2017-10-11T01:29:00", "id": "CVE-2005-0175", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0175", "published": "2005-02-07T05:00:00", "title": "CVE-2005-0175", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:08:13", "bulletinFamily": "NVD", "description": "Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter.", "modified": "2018-10-12T18:28:00", "id": "CVE-2005-0211", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0211", "published": "2005-05-02T04:00:00", "title": "CVE-2005-0211", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:21:28", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 667-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nFebruary 4th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : squid\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE IDs : CAN-2005-0173 CAN-2005-0175 CAN-2005-0194 CAN-2005-0211\n\nSeveral vulnerabilities have been discovered in Squid, the internet\nobject cache, the popular WWW proxy cache. The Common Vulnerabilities\nand Exposures project identifies the following vulnerabilities:\n\nCAN-2005-0173\n\n LDAP is very forgiving about spaces in search filters and this\n could be abused to log in using several variants of the login\n name, possibly bypassing explicit access controls or confusing\n accounting.\n\nCAN-2005-0175\n\n Cache pollution/poisening via HTTP response splitting has been\n discovered.\n\nCAN-2005-0194\n\n The meaning of the access controls becomes somewhat confusing if\n any of the referenced ACLs (access control lists) is declared\n empty, without any members.\n\nCAN-2005-0211\n\n The length argument of the WCCP recvfrom() call is larger than it\n should be. An attacker may send a larger than normal WCCP packet\n that could overflow a buffer.\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 2.4.6-2woody6.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 2.5.7-7.\n\nWe recommend that you upgrade your squid package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6.dsc\n Size/MD5 checksum: 612 f585baec3cc0548a0b6d3e21d185db50\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6.diff.gz\n Size/MD5 checksum: 235426 85d38139f57a82f3c422421ad352e70e\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6.orig.tar.gz\n Size/MD5 checksum: 1081920 59ce2c58da189626d77e27b9702ca228\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_alpha.deb\n Size/MD5 checksum: 815424 ecbca01e45af0d55e94bcd6dc93a140a\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_alpha.deb\n Size/MD5 checksum: 75546 e3ad6d3c681293593ab8e0c3ed46e56d\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_alpha.deb\n Size/MD5 checksum: 60290 bd894e6b88b4155a4d79ab346ef0ecf0\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_arm.deb\n Size/MD5 checksum: 725786 00174ebf650a7becff1a974766a8ef18\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_arm.deb\n Size/MD5 checksum: 73324 496ebaa76ff79e0b3df5032e9db249ee\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_arm.deb\n Size/MD5 checksum: 58634 b036414c28e9371324b2b2112e2195ef\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_i386.deb\n Size/MD5 checksum: 684246 5f932b6cd8e3fae41bee679b8f78ce9d\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_i386.deb\n Size/MD5 checksum: 73820 51b9d7d06722aa12086d5e321521c957\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_i386.deb\n Size/MD5 checksum: 58322 8fceca376dc96840d11e210f2796dcb4\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_ia64.deb\n Size/MD5 checksum: 953904 aeaee5d9ee53e39a3aa1e1b775d12142\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_ia64.deb\n Size/MD5 checksum: 79392 1430eda6e1c2c4b4b8b7fade39efbdc4\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_ia64.deb\n Size/MD5 checksum: 62960 8cebaa32f4f3f17eef2d731fc4c154b3\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_hppa.deb\n Size/MD5 checksum: 779494 9341bc9e4b7c39806601a378aad51d56\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_hppa.deb\n Size/MD5 checksum: 74766 8479e2a71ae184650520cf3a139bc1ad\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_hppa.deb\n Size/MD5 checksum: 59772 bc6dff1697cb54f3c3baa9fbb21cd49b\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_m68k.deb\n Size/MD5 checksum: 666170 bfea1f097c0913615dd885cf6090ff90\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_m68k.deb\n Size/MD5 checksum: 72654 3db952c5d712e4e0a54db5215f2ae812\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_m68k.deb\n Size/MD5 checksum: 57868 c81e9618868ea0e82b0c2179067fe3eb\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_mips.deb\n Size/MD5 checksum: 765316 8a18eea8fa4f5a738cf2c9415233d172\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_mips.deb\n Size/MD5 checksum: 74292 5a6f6f6ac7dd721d9dba3478a5c478de\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_mips.deb\n Size/MD5 checksum: 58946 eae54358cc4adcc85d754fbd6ca29225\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_mipsel.deb\n Size/MD5 checksum: 765424 0490a5ec43851928800922afd54a2d5f\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_mipsel.deb\n Size/MD5 checksum: 74392 1093f566bac7bf08d1da720439234d80\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_mipsel.deb\n Size/MD5 checksum: 59036 7846b97c6c8661b1e07889fff408b250\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_powerpc.deb\n Size/MD5 checksum: 722620 0c8c21ad09813e7565022c35f87dd29c\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_powerpc.deb\n Size/MD5 checksum: 73302 d86696f63adab59d1fadbd64702ca633\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_powerpc.deb\n Size/MD5 checksum: 58522 7d812f5b516060abcdb0eb977ea85a5e\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_s390.deb\n Size/MD5 checksum: 712166 809bb77631c098b4c1f548f7d4101f88\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_s390.deb\n Size/MD5 checksum: 73646 ff34ec95644ed86adfde338834bbe014\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_s390.deb\n Size/MD5 checksum: 59084 27e215b7b647ce8fbabd1108fc9dbec4\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_sparc.deb\n Size/MD5 checksum: 724716 da2925f0ab258d718872525a6a2f0a80\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_sparc.deb\n Size/MD5 checksum: 75932 5b46ca56b3274c5e4dbdab3556a85491\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_sparc.deb\n Size/MD5 checksum: 60956 7a2ec6fb96971c29edfabce83c0069ec\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "modified": "2005-02-04T00:00:00", "published": "2005-02-04T00:00:00", "id": "DEBIAN:DSA-667-1:790C8", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00044.html", "title": "[SECURITY] [DSA 667-1] New squid packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:22:55", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 651-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nJanuary 20th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : squid\nVulnerability : buffer overflow, integer overflow\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CAN-2005-0094 CAN-2005-0095\n\nSeveral vulnerabilities have been discovered in Squid, the internet\nobject cache, the popular WWW proxy cache. The Common Vulnerabilities\nand Exposures Project identifies the following vulnerabilities:\n\nCAN-2005-0094\n\n "infamous41md" discovered a buffer overflow in the parser for\n Gopher responses which will lead to memory corruption and usually\n crash Squid.\n\nCAN-2005-0095\n\n "infamous41md" discovered an integer overflow in the receiver of\n WCCP (Web Cache Communication Protocol) messages. An attacker\n could send a specially crafted UDP datagram that will cause Squid\n to crash.\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 2.4.6-2woody5.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 2.5.7-4.\n\nWe recommend that you upgrade your squid package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5.dsc\n Size/MD5 checksum: 612 69bd41324bb88cc4a76fcacba1f6cb9b\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5.diff.gz\n Size/MD5 checksum: 227846 52f6d82e486f23dba4240260dc64ea57\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6.orig.tar.gz\n Size/MD5 checksum: 1081920 59ce2c58da189626d77e27b9702ca228\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_alpha.deb\n Size/MD5 checksum: 814804 684a7a602a7dce53d3e2d5ea526cdfeb\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_alpha.deb\n Size/MD5 checksum: 75340 061412b8ca998b1ae5a7c576eac51425\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_alpha.deb\n Size/MD5 checksum: 60094 8ecf3345226d4023c661cb5950929d5c\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_arm.deb\n Size/MD5 checksum: 725286 b9103ba40dfcc47200b971a0ad123bb9\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_arm.deb\n Size/MD5 checksum: 73116 fe083c2e4e65e0bcff82b42c292f9c69\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_arm.deb\n Size/MD5 checksum: 58444 225728ea1d83a4f999cbcd1cbc918471\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_i386.deb\n Size/MD5 checksum: 684376 bd4f50309316282ffdf9012e6a051349\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_i386.deb\n Size/MD5 checksum: 72850 f0f790e828a53ae94406c68d8c386ac7\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_i386.deb\n Size/MD5 checksum: 58014 9f2e5d189aa0df9d01d47c6870ca25f9\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_ia64.deb\n Size/MD5 checksum: 953366 146cb3cfadbb09b473289462fcb85c4e\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_ia64.deb\n Size/MD5 checksum: 79224 6a83889272e28d86602d86358929196b\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_ia64.deb\n Size/MD5 checksum: 62766 6b48ca53c8bc2f0972a1b4653d04fa54\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_hppa.deb\n Size/MD5 checksum: 779204 684c9f7e7b7bd4abda5eda0890974951\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_hppa.deb\n Size/MD5 checksum: 74562 861f28d3d058c56d620ce557b488780f\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_hppa.deb\n Size/MD5 checksum: 59574 16d03b269cb3d067cd6129b9bf1eccdc\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_m68k.deb\n Size/MD5 checksum: 665532 da4701e4506c91a7297ebe41314d88cd\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_m68k.deb\n Size/MD5 checksum: 72460 3ad96b1dc107bbaafd67592f8477bab4\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_m68k.deb\n Size/MD5 checksum: 57678 0202dafa52ea24eb34c3d477459ad287\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_mips.deb\n Size/MD5 checksum: 764854 c97c148f54c9d80e9d3d6c127894813b\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_mips.deb\n Size/MD5 checksum: 74028 d49e9634ed353d8b713f4d80de731b61\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_mips.deb\n Size/MD5 checksum: 58730 762b4bb651f8531208db4cd941a06560\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_mipsel.deb\n Size/MD5 checksum: 764702 d134fdcf4916a521147f94837e2e544e\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_mipsel.deb\n Size/MD5 checksum: 74118 9bdfc6bc5e7f752df213cdffb197f877\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_mipsel.deb\n Size/MD5 checksum: 58838 edc757de19a59274fcb2a3d32791dcc0\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_powerpc.deb\n Size/MD5 checksum: 722068 9c18747e4a7e6b15c05ab547efc59993\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_powerpc.deb\n Size/MD5 checksum: 73100 7af618b2b8b1e225af2631a07da615d8\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_powerpc.deb\n Size/MD5 checksum: 58322 23f79cf266df794a375ba75b2a973026\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_s390.deb\n Size/MD5 checksum: 711584 f750ce9dd12460574b2c69031d3933bf\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_s390.deb\n Size/MD5 checksum: 73442 e9a485219baaec097b7d432ba4ea8a26\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_s390.deb\n Size/MD5 checksum: 58876 4ab64ae10b353e69facfcc59fa6fa0ab\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_sparc.deb\n Size/MD5 checksum: 724314 d4af1a337ee603d7b1039f132996b0bf\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_sparc.deb\n Size/MD5 checksum: 75728 9974f32b84edb4969c9216742e9c9f73\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_sparc.deb\n Size/MD5 checksum: 60762 a7aad73eabef840dd648ef058dc852d5\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "modified": "2005-01-20T00:00:00", "published": "2005-01-20T00:00:00", "id": "DEBIAN:DSA-651-1:D07AC", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00029.html", "title": "[SECURITY] [DSA 651-1] New squid packages fix denial of service", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:57", "bulletinFamily": "unix", "description": "\nThe Squid team reported several denial-of-service\n\t vulnerabilities related to the handling of DNS responses and\n\t NT Lan Manager messages. These may allow an attacker to crash\n\t the Squid cache.\n", "modified": "2005-01-16T00:00:00", "published": "2005-01-16T00:00:00", "id": "5BF1A715-CC57-440F-B0A5-6406961C54A7", "href": "https://vuxml.freebsd.org/freebsd/5bf1a715-cc57-440f-b0a5-6406961c54a7.html", "title": "squid -- denial-of-service vulnerabilities", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:03", "bulletinFamily": "unix", "description": "\nThe squid patches page notes:\n\nThis patch addresses a HTTP protocol mismatch related to oversized\n\t reply headers. In addition it enhances the cache.log reporting on\n\t reply header parsing failures to make it easier to track down which\n\t sites are malfunctioning.\n\nIt is believed that this bug may lead to cache pollution or\n\t allow access controls to be bypassed.\n", "modified": "2005-01-31T00:00:00", "published": "2005-01-31T00:00:00", "id": "BFDA39DE-7467-11D9-9E1E-C296AC722CB3", "href": "https://vuxml.freebsd.org/freebsd/bfda39de-7467-11d9-9e1e-c296ac722cb3.html", "title": "squid -- correct handling of oversized HTTP reply headers", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:05", "bulletinFamily": "unix", "description": "\nThe squid patches page notes:\n\nWCCP_I_SEE_YOU messages contain a 'number of caches'\n\t field which should be between 1 and 32. Values outside\n\t that range may crash Squid if WCCP is enabled, and if an\n\t attacker can spoof UDP packets with the WCCP router's IP\n\t address.\n\n", "modified": "2005-01-22T00:00:00", "published": "2005-01-07T00:00:00", "id": "5FE7E27A-64CB-11D9-9E1E-C296AC722CB3", "href": "https://vuxml.freebsd.org/freebsd/5fe7e27a-64cb-11d9-9e1e-c296ac722cb3.html", "title": "squid -- denial of service with forged WCCP messages", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:05", "bulletinFamily": "unix", "description": "\nThe squid patches page notes:\n\nA malicious gopher server may return a response with very\n\t long lines that cause a buffer overflow in Squid.\nWorkaround: Since gopher is very obscure these days, do\n\t not allow Squid to any gopher servers. Use an ACL rule\n\t like:\nacl Gopher proto gopher\nhttp_access deny Gopher\n\n", "modified": "2005-01-22T00:00:00", "published": "2005-01-11T00:00:00", "id": "184AB9E0-64CD-11D9-9E1E-C296AC722CB3", "href": "https://vuxml.freebsd.org/freebsd/184ab9e0-64cd-11d9-9e1e-c296ac722cb3.html", "title": "squid -- buffer overflow vulnerability in gopherToHTML", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:03", "bulletinFamily": "unix", "description": "\nAccording to the Squid Proxy Cache Security Update Advisory\n\t SQUID-2005:3,\n\nThe WCCP recvfrom() call accepts more data than will fit in\n\t the allocated buffer. An attacker may send a larger-than-normal\n\t WCCP message to Squid and overflow this buffer.\nSeverity:\nThe bug is important because it allows remote attackers to crash\n\t Squid, causing a disription in service. However, the bug is\n\t exploitable only if you have configured Squid to send WCCP messages\n\t to, and expect WCCP replies from, a router.\nSites that do not use WCCP are not vulnerable.\n\nNote that while the default configuration of the FreeBSD squid port\n\t enables WCCP support in general, the default configuration\n\t supplied does not actually configure squid to send and receive WCCP\n\t messages.\n", "modified": "2005-02-13T00:00:00", "published": "2005-01-28T00:00:00", "id": "23FB5A04-722B-11D9-9E1E-C296AC722CB3", "href": "https://vuxml.freebsd.org/freebsd/23fb5a04-722b-11d9-9e1e-c296ac722cb3.html", "title": "squid -- buffer overflow in WCCP recvfrom() call", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:04", "bulletinFamily": "unix", "description": "\nThe LDAP authentication helper did not strip\n\t leading or trailing spaces from the login name.\n\t According to the squid patches page:\n\nLDAP is very forgiving about spaces in search\n\t filters and this could be abused to log in\n\t using several variants of the login name,\n\t possibly bypassing explicit access controls\n\t or confusing accounting.\nWorkaround: Block logins with spaces\n\n\t acl login_with_spaces proxy_auth_regex [:space:]\n\t\t http_access deny login_with_spaces\n\t \n\n", "modified": "2005-02-08T00:00:00", "published": "2005-01-10T00:00:00", "id": "7A921E9E-68B1-11D9-9E1E-C296AC722CB3", "href": "https://vuxml.freebsd.org/freebsd/7a921e9e-68b1-11d9-9e1e-c296ac722cb3.html", "title": "squid -- no sanity check of usernames in squid_ldap_auth", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:04", "bulletinFamily": "unix", "description": "\nAccording to a whitepaper published by Sanctum, Inc., it\n\t is possible to mount cache poisoning attacks against, among others,\n\t squid proxies by inserting false replies into the HTTP stream.\nThe squid patches page notes:\n\nThis patch additionally strengthens Squid from the HTTP response\n\t attack described by Sanctum.\n\n", "modified": "2005-02-07T00:00:00", "published": "2004-03-01T00:00:00", "id": "4E4BD2C2-6BD5-11D9-9E1E-C296AC722CB3", "href": "https://vuxml.freebsd.org/freebsd/4e4bd2c2-6bd5-11d9-9e1e-c296ac722cb3.html", "title": "squid -- HTTP response splitting cache pollution attack", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:04", "bulletinFamily": "unix", "description": "\nThe squid patches page notes:\n\nThis patch makes Squid considerably stricter while\n\t parsing the HTTP protocol.\n\nA Content-length header should only appear once in a\n\t valid request or response. Multiple Content-length\n\t headers, in conjunction with specially crafted requests,\n\t may allow Squid's cache to be poisoned with bad content\n\t in certain situations.\nCR characters is only allowed as part of the CR NL\n\t line terminator, not alone. This to ensure that all\n\t involved agrees on the structure of HTTP headers.\nRejects requests/responses that have whitespace in an\n\t HTTP header name.\n\n\nTo enable these strict parsing rules, update to at least\n\t squid-2.5.7_9 and specify relaxed_header_parser\n\t off in squid.conf.\n", "modified": "2006-01-02T00:00:00", "published": "2005-01-24T00:00:00", "id": "B4D94FA0-6E38-11D9-9E1E-C296AC722CB3", "href": "https://vuxml.freebsd.org/freebsd/b4d94fa0-6e38-11d9-9e1e-c296ac722cb3.html", "title": "squid -- possible cache-poisoning via malformed HTTP responses", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "cert": [{"lastseen": "2020-07-02T16:00:31", "bulletinFamily": "info", "description": "### Overview \n\nThe Apache mod_python module is vulnerable to unintended remote information disclosure using specially crafted URLs.\n\n### Description \n\nFrom the mod_python web page:\n\n_Mod_python is an _[__Apache __](<http://httpd.apache.org/>)_module that embeds the _[__Python__](<http://www.python.org/>)_ interpreter within the server. With mod_python you can write web-based applications in Python that will run many times faster than traditional CGI and will have access to advanced features such as ability to retain database connections and other data between hits and access to Apache internals. _ \n \nThe mod_python publisher, which allows Python module objects to be called in a URL, contains a subtle flaw in the request handling logic. Unintended information may be leaked by objects which are not meant to be visible. \n \n--- \n \n### Impact \n\nA remote attacker may be able to craft a URL to obtain script data and information which was not meant to be visible. This could include variable names and values, object data, and more. \n \n--- \n \n### Solution \n\n**Obtain updated packages** \nmod_python has released updated packages which do not contain this flaw: \n \nFor Apache 1.3: mod_python 2.7.11(or later) \nFor Apache 2.0: mod_python 3.0.4 (or later) \n \nThese packages can be obtained from the [mod_python](<http://www.modpython.org/>) [download page](<http://httpd.apache.org/modules/python-download.cgi>). \n \n--- \n \nA proposed workaround is to set the Apache server to block URLs containing requests that begin with \"func_\". This is not a definitive solution and may also hinder normal operation of the server. \n \n--- \n \n### Vendor Information\n\n356409\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Apache __ Affected\n\nUpdated: February 21, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`The Apache Software Foundation and The Apache HTTP Server Project are pleased \nto announce the release of versions 3.1.4 and 2.7.11 of mod_python. \n \nThis release addresses a vulnerability in mod_python's publisher handler \nwhereby a carefully crafted URL would expose objects that should not be \nvisible, leading to an information leak. The Common Vulnerabilities and \nExposures project (``<http://cve.mitre.org/>``) has assigned the name CAN-2005-0088 \nto this issue. \n \nUsers of the publisher handler are urged to upgrade as soon as possible. \n \nThere are no other changes or improvements from the previous version in \nthis release. \n \nAt this point the new version is only available as a source code archive. \nUsers of mod_python on Win32 platform can update their installation by simply \nreplacing the publisher.py file with the latest version from the source code \narchive. \n \nMod_python is available for download from: \n \n``<http://httpd.apache.org/modules/python-download.cgi>`` \n \nFor more information about mod_python visit \n``<http://www.modpython.org/>`` \n \nRegards, \n \nGrisha Trubetskoy`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23356409 Feedback>).\n\n### Fedora Project __ Affected\n\nUpdated: February 21, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`--------------------------------------------------------------------- \nFedora Update Notification \nFEDORA-2005-140 \n2005-02-10 \n--------------------------------------------------------------------- \n \nProduct : Fedora Core 3 \nName : mod_python \nVersion : 3.1.3 =20 \nRelease : 5.2 =20 \nSummary : An embedded Python interpreter for the Apache Web server. \nDescription : \nMod_python is a module that embeds the Python language interpreter within \nthe server, allowing Apache handlers to be written in Python. \n \nMod_python brings together the versatility of Python and the power of \nthe Apache Web server for a considerable boost in flexibility and \nperformance over the traditional CGI approach. \n \n--------------------------------------------------------------------- \nUpdate Information: \n \nGraham Dumpleton discovered a flaw affecting the publisher handler of \nmod_python, used to make objects inside modules callable via URL. \nA remote user could visit a carefully crafted URL that would gain access to \nobjects that should not be visible, leading to an information leak. The \nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned \nthe name CAN-2005-0088 to this issue. \n \nThis update includes a patch which fixes this issue. \n \n--------------------------------------------------------------------- \n* Mon Jan 31 2005 Joe Orton <jorton@redhat.com> 3.1.3-5.2 \n \n- add security fix for CVE CAN-2005-0088 (#146655) \n \n--------------------------------------------------------------------- \nThis update can be downloaded from: \n``<http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/>`` \n \n2f8f27de0ed294fb0df1dbcc4b459d1b SRPMS/mod_python-3.1.3-5.2.src.rpm \n14821a1a3b89506fddc51b338f93a800 x86_64/mod_python-3.1.3-5.2.x86_64.rpm \n07653b192939283ac05b094f6963af43 x86_64/debug/mod_python-debuginfo-3.1.3-5= \n.2.x86_64.rpm \n5908a986650071f30ab180724d3a461b i386/mod_python-3.1.3-5.2.i386.rpm \n24f5c62133e734b1b2b109d3fe19a83b i386/debug/mod_python-debuginfo-3.1.3-5.2= \n.i386.rpm \n \nThis update can also be installed with the Update Agent; you can \nlaunch the Update Agent with the 'up2date' command. =20 \n---------------------------------------------------------------------`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23356409 Feedback>).\n\n### Gentoo Linux __ Affected\n\nUpdated: February 21, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \nGentoo Linux Security Advisory GLSA 200502-14 \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \n``<http://security.gentoo.org/>`` \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \n \nSeverity: Low \nTitle: mod_python: Publisher Handler vulnerability \nDate: February 13, 2005 \nBugs: #80109 \nID: 200502-14 \n \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \n \nSynopsis \n======== \n \nmod_python contains a vulnerability in the Publisher Handler \npotentially leading to information disclosure. \n \nBackground \n========== \n \nmod_python is an Apache module that embeds the Python interpreter \nwithin the server allowing Python-based web-applications to be created. \n \nAffected packages \n================= \n \n------------------------------------------------------------------- \nPackage / Vulnerable / Unaffected \n------------------------------------------------------------------- \n1 dev-python/mod_python < 3.1.3-r1 >= 3.1.3-r1 \n \nDescription \n=========== \n \nGraham Dumpleton discovered a vulnerability in mod_python's Publisher \nHandler. \n \nImpact \n====== \n \nBy requesting a specially crafted URL for a published module page, an \nattacker could obtain information about restricted variables. \n \nWorkaround \n========== \n \nThere is no known workaround at this time. \n \nResolution \n========== \n \nAll mod_python users should upgrade to the latest version: \n \n# emerge --sync \n# emerge --ask --oneshot --verbose \">=dev-python/mod_python-3.1.3-r1\" \n \nReferences \n========== \n \n[ 1 ] CAN-2005-0088 \n``<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0088>`` \n \nAvailability \n============ \n \nThis GLSA and any updates to it are available for viewing at \nthe Gentoo Security Website: \n \n``<http://security.gentoo.org/glsa/glsa-200502-14.xml>`` \n \nConcerns? \n========= \n \nSecurity is a primary focus of Gentoo Linux and ensuring the \nconfidentiality and security of our users machines is of utmost \nimportance to us. Any security concerns should be addressed to \nsecurity@gentoo.org or alternatively, you may file a bug at \n``<http://bugs.gentoo.org>``. \n \nLicense \n======= \n \nCopyright 2005 Gentoo Foundation, Inc; referenced text \nbelongs to its owner(s). \n \nThe contents of this document are licensed under the \nCreative Commons - Attribution / Share Alike license. \n \n``<http://creativecommons.org/licenses/by-sa/2.0>`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23356409 Feedback>).\n\n### Red Hat Inc. __ Affected\n\nNotified: February 11, 2005 Updated: February 11, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\n[Red Hat Security Advisory RHSA-2005:104-03](<http://rhn.redhat.com/errata/RHSA-2005-104.html>) has details on updates and fixes.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23356409 Feedback>).\n\n### Trustix Secure Linux __ Affected\n\nUpdated: February 21, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1 \n \n- -------------------------------------------------------------------------- \nTrustix Secure Linux Security Advisory #2005-0003 \n \nPackage name: bind clamav cpio cups mod_python perl postgresql python \nsquid \nSummary: Security fixes \nDate: 2005-02-11 \nAffected versions: Trustix Secure Linux 1.5 \nTrustix Secure Linux 2.1 \nTrustix Secure Linux 2.2 \nTrustix Operating System - Enterprise Server 2 \n \n- -------------------------------------------------------------------------- \nPackage description: \nbind: \nBIND (Berkeley Internet Name Domain) is an implementation of the DNS \n(Domain Name System) protocols. BIND includes a DNS server (named), \nwhich resolves host names to IP addresses, and a resolver library \n(routines for applications to use when interfacing with DNS). A DNS \nserver allows clients to name resources or objects and share the \ninformation with other network machines. The named DNS server can be \nused on workstations as a caching name server, but is generally only \nneeded on one machine for an entire network. \n \nclamav: \nClam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of this \nsoftware is the integration with mail servers (attachment scanning). \nThe package provides a flexible and scalable multi-threaded daemon, \na command line scanner, and a tool for automatic updating via Internet. \nThe programs are based on a shared library distributed with package, \nwhich you can use with your own software. \nMost importantly, the virus database is kept up to date . \n \ncpio: \nGNU cpio copies files into or out of a cpio or tar archive. Archives \nare files which contain a collection of other files plus information \nabout them, such as their file name, owner, timestamps, and access \npermissions. The archive can be another file on the disk, a magnetic \ntape, or a pipe. GNU cpio supports the following archive formats: binary, \nold ASCII, new ASCII, crc, HPUX binary, HPUX old ASCII, old tar and POSIX.1 \ntar. By default, cpio creates binary format archives, so that they are \ncompatible with older cpio programs. When it is extracting files from \narchives, cpio automatically recognizes which kind of archive it is reading \nand can read archives created on machines with a different byte-order. \n \ncups: \nThe Common UNIX Printing System provides a portable printing layer for \nUNIX(R) operating systems. It has been developed by Easy Software Products \nto promote a standard printing solution for all UNIX vendors and users. \nCUPS provides the System V and Berkeley command-line interfaces. \n \nmod_python: \nMod_python is a module that embeds the Python language interpreter within \nthe server, allowing Apache handlers to be written in Python. \n \nperl: \nPerl is a high-level programming language with roots in C, sed, awk \nand shell scripting. Perl is good at handling processes and files, \nand is especially good at handling text. Perl's hallmarks are \npracticality and efficiency. While it is used to do a lot of \ndifferent things, Perl's most common applications (and what it excels \nat) are probably system administration utilities and web programming. \nA large proportion of the CGI scripts on the web are written in Perl. \nYou need the perl package installed on your system so that your \nsystem can handle Perl scripts. \n \npostgresql: \nPostgreSQL is an advanced Object-Relational database management system \n(DBMS) that supports almost all SQL constructs (including \ntransactions, subselects and user-defined types and functions). The \npostgresql package includes the client programs and libraries that \nyou'll need to access a PostgreSQL DBMS server. These PostgreSQL \nclient programs are programs that directly manipulate the internal \nstructure of PostgreSQL databases on a PostgreSQL server. These client \nprograms can be located on the same machine with the PostgreSQL \nserver, or may be on a remote machine which accesses a PostgreSQL \nserver over a network connection. This package contains the docs \nin HTML for the whole package, as well as command-line utilities for \nmanaging PostgreSQL databases on a PostgreSQL server. \n \npython: \nPython is an interpreted, interactive, object-oriented programming \nlanguage often compared to Tcl, Perl, Scheme or Java. Python includes \nmodules, classes, exceptions, very high level dynamic data types and \ndynamic typing. Python supports interfaces to many system calls and \nlibraries. \n \nsquid: \nSquid is a high-performance proxy caching server for Web clients, \nsupporting FTP, gopher, and HTTP data objects. Unlike traditional \ncaching software, Squid handles all requests in a single, \nnon-blocking, I/O-driven process. Squid keeps meta data and especially \nhot objects cached in RAM, caches DNS lookups, supports non-blocking \nDNS lookups, and implements negative caching of failed requests. \n \n \nProblem description: \nbind: \nA bug in the dnssec validator can result in an internal consistency check \nfailing and thus causing the named to exit abnormally. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has \nassigned the name CAN-2005-0034 to this issue. \n \n \nclamav: \nAn attacker can crash the ClamAV daemon by sending a specially \ncrafted ZIP file and thus causing a DoS. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has \nassigned the name CAN-2005-0133 to this issue. \n \n \ncpio: \ncpio reset the umask to 0 when writing files with the -O flag. \nThis left the files both readable and writeable by all. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has \nassigned the name CAN-1999-1572 to this issue. \n \n \ncups: \nA buffer overflow was found in the Decrypt::makeFileKey2 function \nin Decrypt.cc for xpdf 3.00 and earlier allowed remote attackers \nto execute arbitrary code via a PDF file. \n \nxpdf is not part of TSL, but a number of projects have reused this \ncode. Of those, cups is included in TSL. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has \nassigned the name CAN-2005-0064 to this issue. \n \n \nmod_python: \nGraham Dumpleton discovered a flaw affecting the publisher handler of \nmod_python, used to make objects inside modules callable via URL. \nA remote user could visit a carefully crafted URL that would gain access to \nobjects that should not be visible, leading to an information leak. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has \nassigned the name CAN-2005-0088 to this issue. \n \n \nperl: \nWhen executing a setuid-root perl, the file pointed to by the \nPERLIO_DEBUG environment varibale would be overwritten. This has now \nbeen fixed by ignoring PERLIO_DEBUG for setuid perl scripts. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has \nassigned the name CAN-2005-0155 to this issue. \n \n \nExecuting a setuid root perl script with a very long path caused a \nbuffer overflow if the PERLIO_DEBUG environment variable was set. \nThis bug could be exploited to gain root privileges. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has \nassigned the name CAN-2005-0156 to this issue. \n \n \npostgresql: \nNew upstream. Fixes local privilege escalation discovered by John Heasman \nAny user could use the LOAD extention to load any shared library into \nthe server. \n \nThis could be used to execute commands as the postgresql user. \n \n \npython: \nFrom the Python advisory: \nThe Python development team has discovered a flaw in the \nSimpleXMLRPCServer library module which can give remote attackers \naccess to internals of the registered object or its module or possibly \nother modules. The flaw only affects Python XML-RPC servers that use \nthe register_instance() method to register an object without a \n_dispatch() method. Servers using only register_function() are not \naffected. \n \nOn vulnerable XML-RPC servers, a remote attacker may be able to view \nor modify globals of the module(s) containing the registered instance's \nclass(es), potentially leading to data loss or arbitrary code execution. \nIf the registered object is a module, the danger is particularly serious. \nFor example, if the registered module imports the os module, an attacker \ncould invoke the os.system() function. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has \nassigned the name CAN-2005-0089 to this issue. \n \n \nsquid: \nA buffer overflow in the Gopher responses parser can be exploited \nremotely in a denial of service attack. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has`\n\n` assigned the name CAN-2005-0094 to this issue. \n \n \nAn integer overflow in the receiver of Web Cache Communication Protocol \nmessages can be exploited remotely in a denial of service attack. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has \nassigned the name CAN-2005-0095 to this issue. \n \n \nA memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 \nand can be exploited remotely in a denial of service attack. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has \nassigned the name CAN-2005-0096 to this issue. \n \n \nSending a malformed NTML message to Squid 2.5.STABLE7 and earlier \ncan cause a remore denial of service attack. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has \nassigned the name CAN-2005-0097 to this issue. \n \n \nAction: \nWe recommend that all systems with this package installed be upgraded. \nPlease note that if you do not need the functionality provided by this \npackage, you may want to remove it from your system. \n \n \nLocation: \nAll Trustix Secure Linux updates are available from \n<URI:``<http://http.trustix.org/pub/trustix/updates/>``> \n<URI:``<ftp://ftp.trustix.org/pub/trustix/updates/>``> \n \n \nAbout Trustix Secure Linux: \nTrustix Secure Linux is a small Linux distribution for servers. With focus \non security and stability, the system is painlessly kept safe and up to \ndate from day one using swup, the automated software updater. \n \n \nAutomatic updates: \nUsers of the SWUP tool can enjoy having updates automatically \ninstalled using 'swup --upgrade'. \n \n \nQuestions? \nCheck out our mailing lists: \n<URI:``<http://www.trustix.org/support/>``> \n \n \nVerification: \nThis advisory along with all Trustix packages are signed with the \nTSL sign key. \nThis key is available from: \n<URI:``<http://www.trustix.org/TSL-SIGN-KEY>``> \n \nThe advisory itself is available from the errata pages at \n<URI:``<http://www.trustix.org/errata/trustix-1.5/>``>, \n<URI:``<http://www.trustix.org/errata/trustix-2.1/>``> and \n<URI:``<http://www.trustix.org/errata/trustix-2.2/>``> \nor directly at \n<URI:``<http://www.trustix.org/errata/2005/0003/>``> \n \n \nMD5sums of the packages: \n- -------------------------------------------------------------------------- \nedf340ef53a7489be5feb31c5c40fb7a 2.2/rpms/bind-9.3.0-6tr.i586.rpm \n9d97b4a4d7b177b209278fe3772f84dc 2.2/rpms/bind-devel-9.3.0-6tr.i586.rpm \ne90c07b0b8147e888cb0123bf200e545 2.2/rpms/bind-libs-9.3.0-6tr.i586.rpm \na4ff8817412c2536934ae21a47019994 2.2/rpms/bind-light-9.3.0-6tr.i586.rpm \nbe377c6746f0e365fe498c58ac288dab 2.2/rpms/bind-light-devel-9.3.0-6tr.i586.rpm \n3f01be31c9df4e6615b3afa16011a076 2.2/rpms/bind-utils-9.3.0-6tr.i586.rpm \nc29d1286e69da619f925781bf2af2611 2.2/rpms/clamav-0.80-3tr.i586.rpm \n158cb7e495e67358fea8d7619f4d9301 2.2/rpms/clamav-devel-0.80-3tr.i586.rpm \nd42c475fcbf22473dd0076991b1c2cc8 2.2/rpms/cpio-2.5-9tr.i586.rpm \na44df52c5a3caa8ed66183a0ae1657ca 2.2/rpms/cups-1.1.23-2tr.i586.rpm \n56935808faf04692b4cc1f4751886a65 2.2/rpms/cups-devel-1.1.23-2tr.i586.rpm \n76e7adccc01aaee65379286d873e67d7 2.2/rpms/cups-libs-1.1.23-2tr.i586.rpm \nd897e337b57ff1769de1c2f3784ede2e 2.2/rpms/mod_python-3.1.3-2tr.i586.rpm \n740159c0a1af369e1f05ca00ef0bda70 2.2/rpms/perl-5.8.5-4tr.i586.rpm \n2b87e851b2ecd40f6ae3530cafaafefc 2.2/rpms/postgresql-8.0.1-1tr.i586.rpm \n6d41dd9c2489460bccd004567e68cf92 2.2/rpms/postgresql-contrib-8.0.1-1tr.i586.rpm \n181fec1ac113df1eaa6b0a6fedc5d447 2.2/rpms/postgresql-devel-8.0.1-1tr.i586.rpm \nf710edabbaa5127442e6c3682735ef70 2.2/rpms/postgresql-docs-8.0.1-1tr.i586.rpm \n0b3ebc5fdd0f67f1e2d24a4c8f565b76 2.2/rpms/postgresql-libs-8.0.1-1tr.i586.rpm \nd16a77091ca20f1f811d9847befe4e66 2.2/rpms/postgresql-plperl-8.0.1-1tr.i586.rpm \n3ca468af41ad8fadfc896502d262441a 2.2/rpms/postgresql-python-8.0.1-1tr.i586.rpm \n01c63b048e332045b738c804921d026d 2.2/rpms/postgresql-server-8.0.1-1tr.i586.rpm \nf9a8f85a673def7737b3e7c25e3e0317 2.2/rpms/postgresql-test-8.0.1-1tr.i586.rpm \n653cfb455b18d744f256ce80c9257ea4 2.2/rpms/python-2.2.3-15tr.i586.rpm \n1eabd8f09a09dab9d2fc1b7f21386f05 2.2/rpms/python-dbm-2.2.3-15tr.i586.rpm \n207808fabdee7cc75b91384112971d03 2.2/rpms/python-devel-2.2.3-15tr.i586.rpm \n69296a45c6fbf24fdf567c1427b29f8a 2.2/rpms/python-docs-2.2.3-15tr.i586.rpm \n9229c28c83df681a1d8a040b52d34449 2.2/rpms/python-gdbm-2.2.3-15tr.i586.rpm \n756fe88b0e879a8bde101eea953cd949 2.2/rpms/python-modules-2.2.3-15tr.i586.rpm \n081706dca8282c032198031cd3c9321c 2.2/rpms/squid-2.5.STABLE7-2tr.i586.rpm \n \n151fc3e248b7a5bab0ace6839248c9dc 2.1/rpms/cpio-2.5-9tr.i586.rpm \n2b76f057db2434a6e5dfeaf632571a24 2.1/rpms/cups-1.1.23-1tr.i586.rpm \n598c9ef86b8fe587a3e58dac00a4bc66 2.1/rpms/cups-devel-1.1.23-1tr.i586.rpm \nf0b075344c5e9dbaf2eccfcaeb7ce6d6 2.1/rpms/cups-libs-1.1.23-1tr.i586.rpm \n2101e9e0054910530092920425f246ac 2.1/rpms/perl-5.8.3-5tr.i586.rpm \nc6d1cfcd6ff77ffbea2283b4153e8d7f 2.1/rpms/perl-devel-5.8.3-5tr.i586.rpm \n09fa604b7de541a3354b10b46d98b59c 2.1/rpms/perl-doc-5.8.3-5tr.i586.rpm \n613d9861c044f96fd3cda206fc07f633 2.1/rpms/postgresql-7.4.7-1tr.i586.rpm \n61b62383dcdefa45a30d0960223be59e 2.1/rpms/postgresql-contrib-7.4.7-1tr.i586.rpm \n0be3566daaad982798e66f1033aa0c26 2.1/rpms/postgresql-devel-7.4.7-1tr.i586.rpm \n2d5b875d3d0ea6c3f6de2f173c96e220 2.1/rpms/postgresql-docs-7.4.7-1tr.i586.rpm \n5cc70d8bd0911b88bc26ae5c1e1ff569 2.1/rpms/postgresql-libs-7.4.7-1tr.i586.rpm \n28f819f13f6c32bc5f00c9f68ccdfc62 2.1/rpms/postgresql-plperl-7.4.7-1tr.i586.rpm \n967ca48a961a7203eab3136ffbb56848 2.1/rpms/postgresql-python-7.4.7-1tr.i586.rpm \n6b5a0555d2ea9a913d8936f285fd806a 2.1/rpms/postgresql-server-7.4.7-1tr.i586.rpm \n818c097485e436368287e4045bae10f4 2.1/rpms/postgresql-test-7.4.7-1tr.i586.rpm \n061c655434677133f455811a83ed74b7 2.1/rpms/python-2.2.3-11tr.i586.rpm \n9a1956561409e6661918831b80674f74 2.1/rpms/python-dbm-2.2.3-11tr.i586.rpm \n8ac97e4e779f328b7d6f3cfa5ad3a3f1 2.1/rpms/python-devel-2.2.3-11tr.i586.rpm \n568ea81e2ca8b26afdf8487f55de8b36 2.1/rpms/python-docs-2.2.3-11tr.i586.rpm \n140cbdd1f787e7fd34dbf902dc56e6ae 2.1/rpms/python-gdbm-2.2.3-11tr.i586.rpm \n64f9242da8b7ee4c8429eb29fc0e593d 2.1/rpms/python-modules-2.2.3-11tr.i586.rpm \n \nb981a44d84483e3751d835423a434bd4 1.5/rpms/cpio-2.4.2-16tr.i586.rpm \n- -------------------------------------------------------------------------- \n \n \nTrustix Security Team`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23356409 Feedback>).\n\n### Ubuntu Linux __ Affected\n\nUpdated: February 21, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`=========================================================== \nUbuntu Security Notice USN-80-1 February 11, 2005 \nlibapache2-mod-python vulnerabilities \nCAN-2005-0088 \n=========================================================== \n \nA security issue affects the following Ubuntu releases: \n \nUbuntu 4.10 (Warty Warthog) \n \nThe following packages are affected: \n \nlibapache2-mod-python2.2 \nlibapache2-mod-python2.3 \n \nThe problem can be corrected by upgrading the affected package to \nversion 3.1.3-1ubuntu3.2. After a standard system upgrade you need to \nrestart the Apache 2 web server using \n \nsudo /etc/init.d/apache2 restart \n \nto effect the necessary changes. \n \nDetails follow: \n \nGraham Dumpleton discovered an information disclosure in the \n\"publisher\" handle of mod_python. By requesting a carefully crafted \nURL for a published module page, anybody can obtain extra information \nabout internal variables, objects, and other information which is not \nintended to be visible. \n \nSource archives: \n \n \n``<http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python_3.1.3-1ubuntu3.2.diff.gz>`` \nSize/MD5: 24067 485183927dd680eedb351cedbd0bb882 \n \n``<http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python_3.1.3-1ubuntu3.2.dsc>`` \nSize/MD5: 806 3b141dd6a13c2abc0c1780ff8d9c34aa \n \n``<http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python_3.1.3.orig.tar.gz>`` \nSize/MD5: 293548 2e1983e35edd428f308b0dfeb1c23bfe \n \nArchitecture independent packages: \n \n \n``<http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python-doc_3.1.3-1ubuntu3.2_all.deb>`` \nSize/MD5: 100700 6890472b77b13191bf5106123bbebc6c \n \n``<http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python_3.1.3-1ubuntu3.2_all.deb>`` \nSize/MD5: 12462 b48ab5f2c09c47bfe0c7c02243766c4f \n \namd64 architecture (Athlon64, Opteron, EM64T Xeon) \n \n \n``<http://security.ubuntu.com/ubuntu/pool/universe/liba/libapache2-mod-python/libapache2-mod-python2.2_3.1.3-1ubuntu3.2_amd64.deb>`` \nSize/MD5: 87564 e331d0cbb7aacadc64ef44d41d326587 \n \n``<http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python2.3_3.1.3-1ubuntu3.2_amd64.deb>`` \nSize/MD5: 87650 0dcbdb227cae1b4721c4b8e0454b4ea6 \n \ni386 architecture (x86 compatible Intel/AMD) \n \n \n``<http://security.ubuntu.com/ubuntu/pool/universe/liba/libapache2-mod-python/libapache2-mod-python2.2_3.1.3-1ubuntu3.2_i386.deb>`` \nSize/MD5: 80502 003d29054ae210f2f81826bac8de7856 \n \n``<http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python2.3_3.1.3-1ubuntu3.2_i386.deb>`` \nSize/MD5: 80538 1813380c5c39583e9311e117f2823aca \n \npowerpc architecture (Apple Macintosh G3/G4/G5) \n \n \n``<http://security.ubuntu.com/ubuntu/pool/universe/liba/libapache2-mod-python/libapache2-mod-python2.2_3.1.3-1ubuntu3.2_powerpc.deb>`` \nSize/MD5: 85218 d56d5f3a5cda43096dda9d1d7fc3fc0b \n \n``<http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python2.3_3.1.3-1ubuntu3.2_powerpc.deb>`` \nSize/MD5: 85350 9df8b87f95570137d2402818a252b38d`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23356409 Feedback>).\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <https://rhn.redhat.com/errata/RHSA-2005-104.html>\n * <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=146655>\n * <http://secunia.com/advisories/14244/>\n * <http://secunia.com/advisories/14235/>\n * <http://security.gentoo.org/glsa/glsa-200502-14.xml>\n * <http://www.trustix.org/errata/2005/0003/>\n\n### Acknowledgements\n\nThanks to Graham Dumpleton and RedHat for reporting this vulnerability.\n\nThis document was written by Ken MacInnis.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2005-0088](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0088>) \n---|--- \n**Severity Metric:** | 1.26 \n**Date Public:** | 2005-02-11 \n**Date First Published:** | 2005-02-21 \n**Date Last Updated: ** | 2005-07-06 18:12 UTC \n**Document Revision: ** | 16 \n", "modified": "2005-07-06T18:12:00", "published": "2005-02-21T00:00:00", "id": "VU:356409", "href": "https://www.kb.cert.org/vuls/id/356409", "type": "cert", "title": "mod_python vulnerable to information disclosure via crafted URL", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T16:00:25", "bulletinFamily": "info", "description": "### Overview \n\nThe Squid web proxy cache may be vulnerable to oversized HTTP reply headers.\n\n### Description \n\nSquid functions as a web proxy and cache application for a number of protocols, including the hypertext transfer protocol (HTTP). A defect in the Squid HTTP handling prevents oversized reply headers relating to an HTTP protocol mismatch from being handled properly. \n \n--- \n \n### Impact \n\nThe complete impact of this vulnerability is not yet known. This vulnerability is platform independent. \n \n--- \n \n### Solution \n\n**Apply an update**\n\nAdministrators should obtain an updated version of Squid from their vendor. \n \n[Team Squid](<http://www.squid-cache.org/>) has created a patch for the current release version of Squid: [`squid-2.5.STABLE7-oversize_reply_headers.patch`](<http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch>) \n \nThis flaw has been patched in [Squid 2.5.STABLE8-RC4](<http://www.squid-cache.org/Versions/v2/2.5/>). More details are available in the [Squid Bugzilla bug #1216](<http://www.squid-cache.org/bugs/show_bug.cgi?id=1216>). \n \n--- \n \n### Vendor Information\n\n823350\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Squid __ Affected\n\nUpdated: February 04, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\n[Team Squid](<http://www.squid-cache.org/>) has created a patch for the current release version of Squid: [`squid-2.5.STABLE7-oversize_reply_headers.patch`](<http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch>)\n\nThis flaw has been patched in [Squid 2.5.STABLE8-RC4](<http://www.squid-cache.org/Versions/v2/2.5/>). More details are available in the [Squid Bugzilla bug #1216](<http://www.squid-cache.org/bugs/show_bug.cgi?id=1216>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23823350 Feedback>).\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers>\n * <http://www.squid-cache.org/bugs/show_bug.cgi?id=1216>\n * <http://secunia.com/advisories/14091/>\n\n### Acknowledgements\n\nThanks to Team Squid for reporting this vulnerability, who in turn credit Marc Elsen for finding the flaw.\n\nThis document was written by Ken MacInnis based primarily on information provided by Team Squid.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2005-0241](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0241>) \n---|--- \n**Severity Metric:** | 1.20 \n**Date Public:** | 2005-01-31 \n**Date First Published:** | 2005-02-04 \n**Date Last Updated: ** | 2005-02-07 21:18 UTC \n**Document Revision: ** | 19 \n", "modified": "2005-02-07T21:18:00", "published": "2005-02-04T00:00:00", "id": "VU:823350", "href": "https://www.kb.cert.org/vuls/id/823350", "type": "cert", "title": "Squid fails to properly handle oversized reply headers", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-07-02T16:00:24", "bulletinFamily": "info", "description": "### Overview \n\nThe Squid LDAP authentication routine `squid_ldap_auth()` fails to check for input characters, such as whitespace, that could be misused to possibly bypass access restrictions.\n\n### Description \n\nSquid functions as a web proxy and cache application for a number of protocols, and includes support for lightweight directory access protocol (LDAP) authentication. However, the `squid_ldap_auth()` function does not properly check for and sanitize input containing whitespace. This may allow remote attackers to log in using variants of existing user names, leading to bypass of security restrictions or creation of arbitrary accounting data. \n \n--- \n \n### Impact \n\nRemote attackers may be able to gain elevated privileges or could pollute accounting data with invalid entries. This flaw is platform independent. \n \n--- \n \n### Solution \n\n**Apply an update**\n\nAdministrators should obtain an updated version of Squid from their vendor if LDAP authentication is used. \n \n[Team Squid](<http://www.squid-cache.org/>) has created a patch for the current release version of Squid: [`squid-2.5.STABLE7-ldap_spaces.patch`](<http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch>) \n \nThis flaw has been patched in [Squid 2.5.STABLE8-RC4](<http://www.squid-cache.org/Versions/v2/2.5/>). More details are available in the [Squid Bugzilla bug #1187](<http://www.squid-cache.org/bugs/show_bug.cgi?id=1187>). \n \n--- \n \nSquid administrators may either disable LDAP authentication or block usernames containing whitespace as a workaround. \n \n--- \n \n### Vendor Information\n\n924198\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Squid __ Affected\n\nUpdated: February 04, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\n[Team Squid](<http://www.squid-cache.org/>) has created a patch for the current release version of Squid: [`squid-2.5.STABLE7-ldap_spaces.patch`](<http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch>)\n\nThis flaw has been patched in [Squid 2.5.STABLE8-RC4](<http://www.squid-cache.org/Versions/v2/2.5/>). More details are available in the [Squid Bugzilla bug #1187](<http://www.squid-cache.org/bugs/show_bug.cgi?id=1187>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23924198 Feedback>).\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces>\n * <http://www.squid-cache.org/bugs/show_bug.cgi?id=1187>\n * <http://secunia.com/advisories/13843/>\n\n### Acknowledgements\n\nThanks to Team Squid for reporting this vulnerability, who in turn credit Andrew P with the discovery of this flaw.\n\nThis document was written by Ken MacInnis based primarily on information provided by Team Squid.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2005-0173](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0173>) \n---|--- \n**Severity Metric:** | 6.30 \n**Date Public:** | 2005-01-17 \n**Date First Published:** | 2005-02-04 \n**Date Last Updated: ** | 2005-02-11 22:01 UTC \n**Document Revision: ** | 25 \n", "modified": "2005-02-11T22:01:00", "published": "2005-02-04T00:00:00", "id": "VU:924198", "href": "https://www.kb.cert.org/vuls/id/924198", "type": "cert", "title": "Squid LDAP authentication routines fail to check for invalid input", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T16:00:26", "bulletinFamily": "info", "description": "### Overview \n\nThe Squid web proxy cache is vulnerable to a buffer overflow when handing overly long web cache communications protocol (WCCP) messages. Such messages could crash the Squid process and produce a denial of service condition. \n\n### Description \n\nSquid functions as a web proxy and cache application for number of protocols. It supports WCCP to enable communications between routers and web caches. A `recvfrom()` call in the WCCP handling routines accepts more data than the buffer size may be able to handle. An attacker may be able to crash the Squid process by sending an overly-long WCCP message. \n \n--- \n \n### Impact \n\nA remote unauthenticated attacker may be able to crash the Squid process and create a denial of service condition. Sites not using WCCP, which is disabled by default, are not affected. \n \n--- \n \n### Solution \n\n**Apply an update**\n\nAdministrators should obtain an updated version of Squid from their vendor if WCCP is used. \n \n[Team Squid](<http://www.squid-cache.org/>) has created a patch for the current release version of Squid, described in [Squid Proxy Cache Security Update Advisory SQUID-2005:3](<http://www.squid-cache.org/Advisories/SQUID-2005_3.txt>). \n \nThis flaw has been patched in [Squid 2.5.STABLE8-RC4](<http://www.squid-cache.org/Versions/v2/2.5/>). More details are available in the [Squid Bugzilla bug #1217](<http://www.squid-cache.org/bugs/show_bug.cgi?id=1217>). \n \n--- \n \nSites not requiring WCCP should disable the 'wccp_router' option in the Squid configuration file. Note that this option is disabled by default. \n \n--- \n \n### Vendor Information\n\n886006\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Squid __ Affected\n\nUpdated: February 04, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\n[Team Squid](<http://www.squid-cache.org/>) has created a patch for the current release version of Squid, described in [Squid Proxy Cache Security Update Advisory SQUID-2005:3](<http://www.squid-cache.org/Advisories/SQUID-2005_3.txt>).\n\nThis flaw has been patched in [Squid 2.5.STABLE8-RC4](<http://www.squid-cache.org/Versions/v2/2.5/>). More details are available in the [Squid Bugzilla bug #1217](<http://www.squid-cache.org/bugs/show_bug.cgi?id=1217>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23886006 Feedback>).\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <http://www.squid-cache.org/Advisories/SQUID-2005_3.txt>\n * <http://www.squid-cache.org/bugs/show_bug.cgi?id=1217>\n * <http://secunia.com/advisories/14076/>\n\n### Acknowledgements\n\nThanks to Team Squid for reporting this vulnerability, who in turn credit the FSC Vulnerability Research Team with the discovery of this flaw.\n\nThis document was written by Ken MacInnis based primarily on information provided by Team Squid.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2005-0211](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0211>) \n---|--- \n**Severity Metric:** | 7.50 \n**Date Public:** | 2005-01-28 \n**Date First Published:** | 2005-02-04 \n**Date Last Updated: ** | 2005-02-08 21:29 UTC \n**Document Revision: ** | 21 \n", "modified": "2005-02-08T21:29:00", "published": "2005-02-04T00:00:00", "id": "VU:886006", "href": "https://www.kb.cert.org/vuls/id/886006", "type": "cert", "title": "Squid vulnerable to buffer overflow via an overly long WCCP message", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T16:00:26", "bulletinFamily": "info", "description": "### Overview \n\nMultiple interconnected devices process valid HTTP request headers inconsistently and in this may manner may allow a remote attacker to poison a cache, conduct cross-site scripting attacks, and hijack user sessions. Attackers may use these flaws to launch a class of attacks referred to as HTTP response splitting.\n\n### Description \n\n[HTTP request headers](<http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html>) contain parameters to describe an HTTP request, such as a request's size, type, source, and destination. Entities that handle HTTP data, such as web servers, web caches, and proxy servers, may not process HTTP requests in a consistent manner. A remote attacker may be able to leverage this inconsistency to force incorrect and possibly malicious data to be returned in response to a valid request.\n\nBy including multiple `Content-length` headers along with crafted, embedded carriage return-line feed (CRLF) pairs within the request data, the attacker may be able to send multiple requests through the web cache or browser cache in between the user and web server. The attacker is then able to control the content of the second response from the target in question, and can now perform the following attacks: \n \n**Cross-Site Scripting (XSS)**: The XSS attack can now be attempted even without complete control of the `Location` header. \n**Web Cache Poisoning**: A web cache may be poisoned into accepting data supplied by the attacker and indexing it as the true data for a given page. \n**Cross User Attacks**: Multiple successive users may be served data supplied by the attacker, allowing the attacker to set or read session state and perform other tasks. \n**Page Hijacking**: Some leakage of confidential user information may occur. \n**Browser Cache Poisoning**: Similar to the web cache poisoning scenario, a user's web browser may cache attacker-controlled data. \n \nIn some cases, this may also lead to a reversal of the attack scenario if the user downloads content which, when loaded or executed, carries out the attack in a manner that delivers protected or otherwise inaccessible content to the attacker. \n \nHTTP Response Splitting is outlined in depth in the [Watchfire HTTP Response Splitting whitepaper](<https://www.watchfire.com/securearea/whitepapers.aspx?id=8>). \n \n--- \n \n### Impact \n\nA remote unauthenticated attacker may be able to inject malicious content into a web or browser cache, to perform cross-site scripting attacks, to hijack user and session data, or to bypass content protection mechanisms. These flaws are platform independent. \n \n--- \n \n### Solution \n\n**Apply an update** \nContact your vendor for patches, updates, fixes, and workarounds. \n \n--- \n \n**Do not follow unsolicited links** \n \nDo not click on unsolicited links received in email, instant messages, web forums, or internet relay chat (IRC) channels. Type URLs directly into the browser to avoid these misleading links. While these are generally good security practices, following these behaviors will not prevent exploitation of this vulnerability in all cases, particularly if a trusted site has been compromised or allows cross-site scripting. \n** \nCheck Certificates** \n \nUS-CERT recommends that prior to providing any sensitive information over a secure (HTTPS) connection, you check the name recorded in the certificate to be sure that it matches the name of the site to which you think you are connecting. \n \n--- \n \n### Vendor Information\n\n768702\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### IBM Corporation __ Affected\n\nUpdated: July 25, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nLotus Domino is affected. IBM has published details, fixes, and workarounds in the \"[Lotus Domino allows HTTP header injection](<http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202437>)\" note. The issue is addressed in Domino 6.5.4 and 6.0.5.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23768702 Feedback>).\n\n### Squid __ Affected\n\nUpdated: July 25, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\n[Team Squid](<http://www.squid-cache.org/>) has created a patch for the current release version of Squid available online [here](<http://www.squid-cache.org/Advisories/SQUID-2005_5.txt>).\n\nThis flaw has been patched in [Squid 2.5.STABLE8](<http://www.squid-cache.org/Versions/v2/2.5/>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23768702 Feedback>).\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <https://www.watchfire.com/securearea/whitepapers.aspx?id=8>\n * <http://www.securityfocus.com/bid/12433>\n\n### Acknowledgements\n\nThanks to Watchfire for reporting this vulnerability.\n\nThis document was written by Ken MacInnis.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2005-0175](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0175>) \n---|--- \n**Severity Metric:** | 10.08 \n**Date Public:** | 2005-01-25 \n**Date First Published:** | 2005-02-04 \n**Date Last Updated: ** | 2007-03-05 15:50 UTC \n**Document Revision: ** | 29 \n", "modified": "2007-03-05T15:50:00", "published": "2005-02-04T00:00:00", "id": "VU:768702", "href": "https://www.kb.cert.org/vuls/id/768702", "type": "cert", "title": "Multiple devices process HTTP requests inconsistently", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:08", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.ubuntulinux.org/support/documentation/usn/usn-67-1)\nSecurity Tracker: 1012818\n[Secunia Advisory ID:14484](https://secuniaresearch.flexerasoftware.com/advisories/14484/)\n[Secunia Advisory ID:14251](https://secuniaresearch.flexerasoftware.com/advisories/14251/)\n[Secunia Advisory ID:13789](https://secuniaresearch.flexerasoftware.com/advisories/13789/)\n[Secunia Advisory ID:13953](https://secuniaresearch.flexerasoftware.com/advisories/13953/)\n[Secunia Advisory ID:14023](https://secuniaresearch.flexerasoftware.com/advisories/14023/)\n[Related OSVDB ID: 13114](https://vulners.com/osvdb/OSVDB:13114)\nRedHat RHSA: RHSA-2005:061\nOther Advisory URL: http://www.astaro.org/showflat.php?Cat=&Number=56136&page=0&view=collapsed&sb=5&o=&fpart=1#56136\nOther Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000923\nOther Advisory URL: http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth\n[CVE-2005-0097](https://vulners.com/cve/CVE-2005-0097)\n", "modified": "2005-01-08T07:33:09", "published": "2005-01-08T07:33:09", "href": "https://vulners.com/osvdb/OSVDB:12816", "id": "OSVDB:12816", "type": "osvdb", "title": "Squid NTLM Component Malformed Type 3 Message DoS", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:09", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.squid-cache.org/\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200502-04.xml)\n[Secunia Advisory ID:14484](https://secuniaresearch.flexerasoftware.com/advisories/14484/)\n[Secunia Advisory ID:14251](https://secuniaresearch.flexerasoftware.com/advisories/14251/)\n[Secunia Advisory ID:14091](https://secuniaresearch.flexerasoftware.com/advisories/14091/)\nRedHat RHSA: RHSA-2005:061\nOther Advisory URL: http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers\nOther Advisory URL: http://www.astaro.org/showflat.php?Cat=&Number=56136&page=0&view=collapsed&sb=5&o=&fpart=1#56136\n[CVE-2005-0241](https://vulners.com/cve/CVE-2005-0241)\nCERT VU: 823350\n", "modified": "2005-01-31T06:34:21", "published": "2005-01-31T06:34:21", "href": "https://vulners.com/osvdb/OSVDB:13345", "id": "OSVDB:13345", "title": "Squid Oversized Reply Header Handling Security Issue", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:08", "bulletinFamily": "software", "description": "## Vulnerability Description\nSquid contains a flaw that may allow a remote denial of service. The issue is triggered by a memory leak in fakeauth_auth helper which may cause it to run out of memory if put under a high load, and can result in loss of availability for the service.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Team Squid has released a patch to address this vulnerability.\n## Short Description\nSquid contains a flaw that may allow a remote denial of service. The issue is triggered by a memory leak in fakeauth_auth helper which may cause it to run out of memory if put under a high load, and can result in loss of availability for the service.\n## References:\n[Vendor Specific Advisory URL](http://www.ubuntulinux.org/support/documentation/usn/usn-67-1)\nSecurity Tracker: 1012818\n[Secunia Advisory ID:14484](https://secuniaresearch.flexerasoftware.com/advisories/14484/)\n[Secunia Advisory ID:14251](https://secuniaresearch.flexerasoftware.com/advisories/14251/)\n[Secunia Advisory ID:13953](https://secuniaresearch.flexerasoftware.com/advisories/13953/)\n[Secunia Advisory ID:13789](https://secuniaresearch.flexerasoftware.com/advisories/13789/)\n[Secunia Advisory ID:14023](https://secuniaresearch.flexerasoftware.com/advisories/14023/)\n[Related OSVDB ID: 12816](https://vulners.com/osvdb/OSVDB:12816)\nRedHat RHSA: RHSA-2005:061\nOther Advisory URL: http://www.astaro.org/showflat.php?Cat=&Number=56136&page=0&view=collapsed&sb=5&o=&fpart=1#56136\nOther Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000923\nOther Advisory URL: http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth\nISS X-Force ID: 18818\n[CVE-2005-0096](https://vulners.com/cve/CVE-2005-0096)\n", "modified": "2005-01-08T07:33:09", "published": "2005-01-08T07:33:09", "href": "https://vulners.com/osvdb/OSVDB:13114", "id": "OSVDB:13114", "title": "Squid NTLM fakeauth_auth Helper Memory Leak DoS", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:08", "bulletinFamily": "software", "description": "## Vulnerability Description\nA remote overflow exists in Squid. The 'gopherToHTML()' function fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request from a malicious gopher server which response with overly long lines, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Robert Collins et al. has released a patch to address this vulnerability.\n## Short Description\nA remote overflow exists in Squid. The 'gopherToHTML()' function fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request from a malicious gopher server which response with overly long lines, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.\n## References:\nVendor URL: http://www.squid-cache.org/\nVendor Specific Solution URL: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-gopher_html_parsing.patch\n[Vendor Specific Advisory URL](http://www.ubuntulinux.org/support/documentation/usn/usn-67-1)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200501-25.xml)\n[Vendor Specific Advisory URL](http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-gopher_html_parsing)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2005/dsa-651)\nSecurity Tracker: 1012883\n[Secunia Advisory ID:13825](https://secuniaresearch.flexerasoftware.com/advisories/13825/)\n[Secunia Advisory ID:13983](https://secuniaresearch.flexerasoftware.com/advisories/13983/)\n[Secunia Advisory ID:14484](https://secuniaresearch.flexerasoftware.com/advisories/14484/)\n[Secunia Advisory ID:14251](https://secuniaresearch.flexerasoftware.com/advisories/14251/)\n[Secunia Advisory ID:14023](https://secuniaresearch.flexerasoftware.com/advisories/14023/)\n[Related OSVDB ID: 12886](https://vulners.com/osvdb/OSVDB:12886)\nRedHat RHSA: RHSA-2005:061\nOther Advisory URL: http://www.astaro.org/showflat.php?Cat=&Number=56136&page=0&view=collapsed&sb=5&o=&fpart=1#56136\nOther Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000923\nOther Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:014\nISS X-Force ID: 18888\n[CVE-2005-0094](https://vulners.com/cve/CVE-2005-0094)\n", "modified": "2005-01-12T17:31:38", "published": "2005-01-12T17:31:38", "href": "https://vulners.com/osvdb/OSVDB:12887", "id": "OSVDB:12887", "type": "osvdb", "title": "Squid gopherToHTML() Function Remote Overflow", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:08", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.squid-cache.org/\nVendor Specific Solution URL: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patch\n[Vendor Specific Advisory URL](http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_denial_of_service)\n[Vendor Specific Advisory URL](http://www.ubuntulinux.org/support/documentation/usn/usn-67-1)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200501-25.xml)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2005/dsa-651)\nSecurity Tracker: 1012882\n[Secunia Advisory ID:13825](https://secuniaresearch.flexerasoftware.com/advisories/13825/)\n[Secunia Advisory ID:13943](https://secuniaresearch.flexerasoftware.com/advisories/13943/)\n[Secunia Advisory ID:14484](https://secuniaresearch.flexerasoftware.com/advisories/14484/)\n[Secunia Advisory ID:13864](https://secuniaresearch.flexerasoftware.com/advisories/13864/)\n[Secunia Advisory ID:14251](https://secuniaresearch.flexerasoftware.com/advisories/14251/)\n[Secunia Advisory ID:13953](https://secuniaresearch.flexerasoftware.com/advisories/13953/)\n[Secunia Advisory ID:14023](https://secuniaresearch.flexerasoftware.com/advisories/14023/)\n[Related OSVDB ID: 12887](https://vulners.com/osvdb/OSVDB:12887)\nRedHat RHSA: RHSA-2005:061\nOther Advisory URL: http://www.astaro.org/showflat.php?Cat=&Number=56136&page=0&view=collapsed&sb=5&o=&fpart=1#56136\nOther Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000923\n[CVE-2005-0095](https://vulners.com/cve/CVE-2005-0095)\n", "modified": "2005-01-12T17:31:38", "published": "2005-01-12T17:31:38", "href": "https://vulners.com/osvdb/OSVDB:12886", "id": "OSVDB:12886", "type": "osvdb", "title": "Squid Malformed WCCP_I_SEE_YOU Messsage DoS", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:08", "bulletinFamily": "software", "description": "## Vulnerability Description\nSquid contains a flaw that may allow a malicious user to bypass access controls. The issue is triggered when a user adds spaces as padding around the username, when Squid authenticates against LDAP. It is possible that the flaw may allow circumvention of access controls resulting in a loss of integrity.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Team Squid has released a patch to address this vulnerability.\n## Short Description\nSquid contains a flaw that may allow a malicious user to bypass access controls. The issue is triggered when a user adds spaces as padding around the username, when Squid authenticates against LDAP. It is possible that the flaw may allow circumvention of access controls resulting in a loss of integrity.\n## References:\n[Vendor Specific Advisory URL](http://www.debian.org/security/2005/dsa-667)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200502-04.xml)\n[Secunia Advisory ID:14228](https://secuniaresearch.flexerasoftware.com/advisories/14228/)\n[Secunia Advisory ID:14484](https://secuniaresearch.flexerasoftware.com/advisories/14484/)\n[Secunia Advisory ID:14251](https://secuniaresearch.flexerasoftware.com/advisories/14251/)\n[Secunia Advisory ID:13843](https://secuniaresearch.flexerasoftware.com/advisories/13843/)\n[Secunia Advisory ID:14185](https://secuniaresearch.flexerasoftware.com/advisories/14185/)\nRedHat RHSA: RHSA-2005:061\nOther Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:034\nOther Advisory URL: http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces\nOther Advisory URL: http://www.astaro.org/showflat.php?Cat=&Number=56136&page=0&view=collapsed&sb=5&o=&fpart=1#56136\nOther Advisory URL: http://www.ubuntulinux.org/support/documentation/usn/usn-77-1\n[CVE-2005-0173](https://vulners.com/cve/CVE-2005-0173)\n", "modified": "2005-01-17T16:12:58", "published": "2005-01-17T16:12:58", "id": "OSVDB:13054", "href": "https://vulners.com/osvdb/OSVDB:13054", "title": "Squid LDAP Proxy Username Whitespace Login Bypass", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:08", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.debian.org/security/2005/dsa-667)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200502-04.xml)\nSecurity Tracker: 1013045\n[Secunia Advisory ID:14076](https://secuniaresearch.flexerasoftware.com/advisories/14076/)\n[Secunia Advisory ID:14228](https://secuniaresearch.flexerasoftware.com/advisories/14228/)\n[Secunia Advisory ID:14484](https://secuniaresearch.flexerasoftware.com/advisories/14484/)\n[Secunia Advisory ID:14251](https://secuniaresearch.flexerasoftware.com/advisories/14251/)\n[Secunia Advisory ID:14185](https://secuniaresearch.flexerasoftware.com/advisories/14185/)\nRedHat RHSA: RHSA-2005:061\nOther Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:034\nOther Advisory URL: http://www.astaro.org/showflat.php?Cat=&Number=56136&page=0&view=collapsed&sb=5&o=&fpart=1#56136\nOther Advisory URL: http://www.squid-cache.org/Advisories/SQUID-2005_3.txt\nOther Advisory URL: http://www.ubuntulinux.org/support/documentation/usn/usn-77-1\n[CVE-2005-0211](https://vulners.com/cve/CVE-2005-0211)\n", "modified": "2005-01-18T09:12:53", "published": "2005-01-18T09:12:53", "id": "OSVDB:13319", "href": "https://vulners.com/osvdb/OSVDB:13319", "title": "Squid WCCP recvfrom() Function Overflow", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:09", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.squid-cache.org/\n[Vendor Specific Advisory URL](http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2005/dsa-667)\n[Vendor Specific Advisory URL](http://www.squid-cache.org/Advisories/SQUID-2005_5.txt)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200502-04.xml)\nSecurity Tracker: 1012992\n[Secunia Advisory ID:14228](https://secuniaresearch.flexerasoftware.com/advisories/14228/)\n[Secunia Advisory ID:14484](https://secuniaresearch.flexerasoftware.com/advisories/14484/)\n[Secunia Advisory ID:15093](https://secuniaresearch.flexerasoftware.com/advisories/15093/)\n[Secunia Advisory ID:14251](https://secuniaresearch.flexerasoftware.com/advisories/14251/)\n[Secunia Advisory ID:14185](https://secuniaresearch.flexerasoftware.com/advisories/14185/)\nRedHat RHSA: RHSA-2005:061\nOther Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:034\nOther Advisory URL: http://www.redhat.com/support/errata/RHSA-2005-060.html\nOther Advisory URL: http://www.astaro.org/showflat.php?Cat=&Number=56136&page=0&view=collapsed&sb=5&o=&fpart=1#56136\nOther Advisory URL: http://www.redhat.com/support/errata/RHSA-2005-061.html\nOther Advisory URL: http://www.ubuntulinux.org/support/documentation/usn/usn-77-1\nISS X-Force ID: 19060\nISS X-Force ID: 20339\n[CVE-2005-0175](https://vulners.com/cve/CVE-2005-0175)\nCIAC Advisory: P-138\nCERT VU: 625878\n", "modified": "2005-01-25T07:36:01", "published": "2005-01-25T07:36:01", "id": "OSVDB:13346", "href": "https://vulners.com/osvdb/OSVDB:13346", "title": "Squid HTTP Response Splitting Cache Poisoning", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:09", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.squid-cache.org/\n[Vendor Specific Advisory URL](http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2005/dsa-667)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200502-04.xml)\n[Secunia Advisory ID:14228](https://secuniaresearch.flexerasoftware.com/advisories/14228/)\n[Secunia Advisory ID:14484](https://secuniaresearch.flexerasoftware.com/advisories/14484/)\n[Secunia Advisory ID:15093](https://secuniaresearch.flexerasoftware.com/advisories/15093/)\n[Secunia Advisory ID:14251](https://secuniaresearch.flexerasoftware.com/advisories/14251/)\n[Secunia Advisory ID:14185](https://secuniaresearch.flexerasoftware.com/advisories/14185/)\nRedHat RHSA: RHSA-2005:061\nOther Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:034\nOther Advisory URL: http://www.astaro.org/showflat.php?Cat=&Number=56136&page=0&view=collapsed&sb=5&o=&fpart=1#56136\nOther Advisory URL: http://www.ubuntulinux.org/support/documentation/usn/usn-77-1\nOther Advisory URL: http://www.sourcefire.com/services/advisories/sa062905.html\nMail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=110780531820947&w=2\n[CVE-2005-0174](https://vulners.com/cve/CVE-2005-0174)\nCERT VU: 768702\n", "modified": "2005-01-27T00:00:00", "published": "2005-01-27T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:13732", "id": "OSVDB:13732", "title": "Squid Multiple Method Invalid Header Cache Poisoning", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "suse": [{"lastseen": "2016-09-04T12:08:03", "bulletinFamily": "unix", "description": "Squid is an Open Source web proxy. A remote attacker was potentially able to crash the Squid web proxy if the log_fqdn option was set to \"on\" and the DNS replies were manipulated.\n#### Solution\nInstall the fixed packages.", "modified": "2005-02-22T13:31:16", "published": "2005-02-22T13:31:16", "id": "SUSE-SA:2005:008", "href": "http://lists.opensuse.org/opensuse-security-announce/2005-02/msg00019.html", "title": "remote denial of service in squid", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}
