Vulnerability Name:

CVE-2002-0068 (CCN-201)

Assigned:1997-07-01
Published:1997-07-01
Updated:2016-10-18
Summary:Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: FREEBSD
Type: UNKNOWN
FreeBSD-SA-02:12

Source: CALDERA
Type: UNKNOWN
CSSA-2002-SCO.7

Source: MITRE
Type: CNA
CVE-1999-0075

Source: MITRE
Type: CNA
CVE-1999-1293

Source: MITRE
Type: CNA
CVE-2001-0421

Source: MITRE
Type: CNA
CVE-2002-0068

Source: MITRE
Type: CNA
CVE-2002-0104

Source: CONECTIVA
Type: UNKNOWN
CLA-2002:464

Source: BUGTRAQ
Type: UNKNOWN
20020221 Squid HTTP Proxy Security Update Advisory 2002:1

Source: BUGTRAQ
Type: UNKNOWN
20020222 Squid buffer overflow

Source: BUGTRAQ
Type: UNKNOWN
20020222 TSLSA-2002-0031 - squid

Source: CCN
Type: RHSA-2002-029
New squid packages available

Source: CALDERA
Type: UNKNOWN
CSSA-2002-010.0

Source: XF
Type: UNKNOWN
squid-ftpbuildtitleurl-bo(8258)

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2002:016

Source: SUSE
Type: UNKNOWN
SuSE-SA:2002:008

Source: OSVDB
Type: UNKNOWN
5378

Source: CCN
Type: OSVDB ID: 5378
Squid FTP URL Special Character Handling Remote Overflow

Source: CCN
Type: OSVDB ID: 5742
WU-FTPD QUOTE PASV Forced Core Dump Information Disclosure

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2002:029

Source: CCN
Type: BID-2601
Solaris FTP Core Dump Shadow Password Recovery Vulnerability

Source: CCN
Type: BID-3806
AFTPD Home Directory Change Core Dump Vulnerability

Source: BID
Type: UNKNOWN
4148

Source: CCN
Type: BID-4148
Squid Cache FTP Proxy URL Buffer Overflow Vulnerability

Source: CONFIRM
Type: Exploit
http://www.squid-cache.org/Versions/v2/2.4/bugs/

Source: CCN
Type: WU-FTPD Web site
WU-FTPD Development Group

Source: XF
Type: UNKNOWN
ftp-args(201)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:squid:squid:*:*:*:*:*:*:*:* (Version <= 2.4_stable_3)

    • Configuration 2:
  • cpe:/o:redhat:linux:6.2:*:alpha:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:i386:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:sparc:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.0:*:alpha:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.0:*:i386:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:alpha:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:i386:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:ia64:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:i386:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:ia64:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:ibm:aix:*:*:*:*:*:*:*:*
  • OR cpe:/o:windriver:bsdos:*:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:*:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:*:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:*:*:*:*:*:*:*:*
  • OR cpe:/a:data_general:dg_ux:*:*:*:*:*:*:*:*
  • OR cpe:/o:sco:unix:*:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.3:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2002-0068 (CCN-8258)

    Assigned:2002-02-21
    Published:2002-02-21
    Updated:2002-02-21
    Summary:Squid is vulnerable to a denial of service attack caused by a buffer overflow in the ftpBuildTitleUrl() function. By sending an FTP request containing a specially-crafted username and password, a remote attacker could overflow a buffer and cause the proxy service to crash. It also may be possible for an attacker to use this vulnerability to gain root privileges on the server.
    CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Changed
    Impact Metrics:Confidentiality (C): High
    Integrity (I): High
    Availibility (A): High
    CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availibility (A): Partial
    10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availibility (A): Complete
    Vulnerability Consequences:Gain Access
    References:Source: CCN
    Type: FreeBSD Security Advisory FreeBSD-SA-02:12
    multiple security vulnerabilities in squid port

    Source: CCN
    Type: Caldera International, Inc. Security Advisory CSSA-2002-010.0
    Linux: ftp vulnerability in squid

    Source: CCN
    Type: Caldera International, Inc. Security Advisory CSSA-2002-SCO.7
    OpenServer: multiple vulnerabilities in squid

    Source: CCN
    Type: BugTraq Mailing List, Fri Feb 22 2002 - 08:26:26 CST
    Squid buffer overflow

    Source: MITRE
    Type: CNA
    CVE-2002-0068

    Source: CCN
    Type: RHSA-2002-029
    New squid packages available

    Source: CCN
    Type: US-CERT VU#613459
    Squid Proxy Server contains buffer overflow in parsing of the authentication portion of FTP URLs

    Source: CCN
    Type: OSVDB ID: 5378
    Squid FTP URL Special Character Handling Remote Overflow

    Source: CCN
    Type: BID-4148
    Squid Cache FTP Proxy URL Buffer Overflow Vulnerability

    Source: CCN
    Type: Squid Web Proxy Cache Web site
    Squid Web Proxy Cache

    Source: CCN
    Type: Squid Proxy Cache Security Update Advisory SQUID-2002:1
    Squid HTTP Proxy Security Update Advisory 2002:1

    Source: CCN
    Type: Trustix Secure Linux Bugfix Advisory #2002-0031
    squid-cron

    Source: XF
    Type: UNKNOWN
    squid-ftpbuildtitleurl-bo(8258)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:squid-cache:squid:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4.stable1:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4.stable2:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4.stable3:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.4:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:ports_collection:*:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.01:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.5:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    squid squid *
    redhat linux 6.2
    redhat linux 6.2
    redhat linux 6.2
    redhat linux 7.0
    redhat linux 7.0
    redhat linux 7.1
    redhat linux 7.1
    redhat linux 7.1
    redhat linux 7.2
    redhat linux 7.2
    washington_university wu-ftpd 2.6.1
    ibm aix *
    windriver bsdos *
    hp hp-ux *
    sgi irix *
    linux linux kernel *
    sun solaris *
    data_general dg ux *
    sco unix *
    ibm aix 4.3
    redhat linux 6.2
    redhat linux 7
    redhat linux 7.1
    compaq tru64 *
    redhat linux 7.2
    squid-cache squid 2.1
    squid-cache squid 2.2
    squid-cache squid 2.4
    squid-cache squid 2.4.stable1
    squid-cache squid 2.3
    squid-cache squid 2.4.stable2
    squid-cache squid 2.4.stable3
    squid-cache squid 2.0
    redhat linux 6.2
    suse suse linux 6.4
    mandrakesoft mandrake linux 7.1
    freebsd ports collection *
    trustix secure linux 1.1
    redhat linux 7
    mandrakesoft mandrake linux 7.2
    suse suse linux 7.0
    mandrakesoft mandrake linux corporate server 1.0.1
    suse suse linux 7.1
    redhat linux 7.1
    trustix secure linux 1.01
    trustix secure linux 1.2
    mandrakesoft mandrake linux 8.0
    mandrakesoft mandrake single network firewall 7.2
    suse suse linux 7.2
    trustix secure linux 1.5
    mandrakesoft mandrake linux 8.1
    redhat linux 7.2
    suse suse linux 7.3
    redhat linux 7.3