Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2002-0068
Last Modified: 05 Sep 2008 04:27:05
Published: 08 Mar 2002 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2002-0068

Summary

Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code via an ftp:// URL containing a large number of special characters, which exceed the buffer when Squid URL-escapes them.

Vulnerable Systems

Operating System

  • Redhat Linux 6.2

  • Redhat Linux 7.0

  • Redhat Linux 7.1

  • Redhat Linux 7.2

Application

  • Squid 2.4 Stable 3


References

REDHAT - RHSA-2002:029

CONFIRM - http://www.squid-cache.org/Versions/v2/2.4/bugs/

BID - 4148

OSVDB - 5378

SUSE - SuSE-SA:2002:008

MANDRAKE - MDKSA-2002:016

XF - squid-ftpbuildtitleurl-bo(8258)

CALDERA - CSSA-2002-010.0

BUGTRAQ - 20020222 TSLSA-2002-0031 - squid

BUGTRAQ - 20020222 Squid buffer overflow

BUGTRAQ - 20020221 Squid HTTP Proxy Security Update Advisory 2002:1

CONECTIVA - CLA-2002:464

CALDERA - CSSA-2002-SCO.7

FREEBSD - FreeBSD-SA-02:12


Last Updated: 27 May 2016 10:36:46