Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2004-2654
Last Modified 05 Sep 2008 04:44:44
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2654

Summary

The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor's bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5.

Vulnerable Systems

Application

  • Squid 2.5 Stable5


References

SECUNIA - 12754

MISC - http://www.squid-cache.org/bugs/show_bug.cgi?id=972

MISC - http://www.securitylab.ru/47881.html

OSVDB - 9801

VIM - 20060223 old Squid clientAbortBody issue - NOT an overflow?

SECTRACK - 1011214

SECUNIA - 12508


Last Updated: 27 May 2016 10:39:34