Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0095

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-0095
Last Modified 21 Aug 2010 12:25:29
Published 15 Jan 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0095

Summary

The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers.

Vulnerable Systems

Application

  • Squid 2.0 Patch2

  • Squid 2.1 Patch2

  • Squid 2.3 .stable4

  • Squid 2.3 .stable5

  • Squid 2.3 Stable5

  • Squid 2.4

  • Squid 2.4 .stable2

  • Squid 2.4 .stable6

  • Squid 2.4 .stable7

  • Squid 2.4 Stable7

  • Squid 2.5 .stable1

  • Squid 2.5 .stable3

  • Squid 2.5 .stable4

  • Squid 2.5 .stable5

  • Squid 2.5 .stable6

  • Squid 2.5 Stable3

  • Squid 2.5 Stable4

  • Squid 2.5 Stable9

  • Squid 2.5.6

  • Squid 2.5.stable1

  • Squid 2.5.stable2

  • Squid 2.5.stable3

  • Squid 2.5.stable4

  • Squid 2.5.stable5

  • Squid 2.5.stable6

  • Squid 2.5.stable7

  • Squid 2.6.stable1


References

TRUSTIX - 2005-0003

CONFIRM - http://www.squid-cache.org/Advisories/SQUID-2005_2.txt

REDHAT - RHSA-2005:061

REDHAT - RHSA-2005:060

SUSE - SUSE-SA:2005:006

DEBIAN - DSA-651

GENTOO - GLSA-200501-25

SECUNIA - 13825

CONECTIVA - CLA-2005:923

CONFIRM - http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patch

BID - 12275

OSVDB - 12886

MANDRAKE - MDKSA-2005:014

SECTRACK - 1012882

FEDORA - FLSA-2006:152809


Last Updated: 27 May 2016 10:39:40