Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0714

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0714
Last Modified 05 Sep 2008 04:28:45
Published 26 Jul 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0714

Summary

FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.

Vulnerable Systems

Application

  • Squid 2.4.stable6


References

CONFIRM - http://www.squid-cache.org/Versions/v2/2.4/bugs/

CONFIRM - http://www.squid-cache.org/Advisories/SQUID-2002_3.txt

MANDRAKE - MDKSA-2002:044

REDHAT - RHSA-2002:130

BUGTRAQ - 20020715 TSLSA-2002-0062 - squid

BID - 5158

OSVDB - 5924

XF - squid-ftp-data-injection(9479)

REDHAT - RHSA-2002:051

CONECTIVA - CLA-2002:506

CALDERA - CSSA-2002-046.0


Last Updated: 27 May 2016 10:37:02