Vulnerability Name:

CVE-2002-0713 (CCN-9480)

Assigned:2002-07-03
Published:2002-07-03
Updated:2016-10-18
Summary:Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CALDERA
Type: UNKNOWN
CSSA-2002-046.0

Source: CCN
Type: FreeBSD Security Notice FreeBSD-SN-02:05
security issues in ports

Source: MITRE
Type: CNA
CVE-2002-0713

Source: CCN
Type: Conectiva Linux Announcement CLSA-2002:506
squid

Source: BUGTRAQ
Type: UNKNOWN
20020715 TSLSA-2002-0062 - squid

Source: REDHAT
Type: UNKNOWN
RHSA-2002:051

Source: CCN
Type: RHSA-2002-130
squid security update

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2002:130

Source: XF
Type: UNKNOWN
squid-gopher-bo(9480)

Source: XF
Type: UNKNOWN
squid-ftp-dir-bo(9481)

Source: XF
Type: UNKNOWN
squid-msnt-helper-bo(9482)

Source: MANDRAKE
Type: Patch
MDKSA-2002:044

Source: CCN
Type: BID-5153
Multiple Squid Remote Code Execution Vulnerabilities

Source: BID
Type: UNKNOWN
5155

Source: CCN
Type: BID-5155
Squid MSNT Auth Helper Buffer Overflow Vulnerability

Source: BID
Type: UNKNOWN
5156

Source: CCN
Type: BID-5156
Squid FTP Directory Parsing Buffer Overflow Vulnerability

Source: BID
Type: UNKNOWN
5157

Source: CCN
Type: BID-5157
Squid Gopher Proxy Buffer Overflow Vulnerability

Source: CCN
Type: Squid Proxy Cache Security Update Advisory SQUID-2002:3
Squid Proxy Cache Security Update Advisory

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.squid-cache.org/Advisories/SQUID-2002_3.txt

Source: CONFIRM
Type: Patch
http://www.squid-cache.org/Versions/v2/2.4/bugs/

Source: XF
Type: UNKNOWN
squid-gopher-bo(9480)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:squid:squid:*:*:*:*:*:*:*:* (Version <= 2.4.stable6)

    • Configuration CCN 1:
  • cpe:/a:squid-cache:squid:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4.stable1:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4.stable2:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4.stable4:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4.stable6:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:ports_collection:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2002-0713 (CCN-9481)

    Assigned:2002-07-03
    Published:2002-07-03
    Updated:2016-10-18
    Summary:Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availibility (A): Low
    CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availibility (A): Partial
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availibility (A): Partial
    Vulnerability Type:CWE-Other
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2002-0713

    Source: CCN
    Type: Conectiva Linux Announcement CLSA-2002:506
    squid

    Source: CCN
    Type: RHSA-2002-130
    squid security update

    Source: CCN
    Type: BID-5153
    Multiple Squid Remote Code Execution Vulnerabilities

    Source: CCN
    Type: BID-5155
    Squid MSNT Auth Helper Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-5156
    Squid FTP Directory Parsing Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-5157
    Squid Gopher Proxy Buffer Overflow Vulnerability

    Source: CCN
    Type: Squid Proxy Cache Security Update Advisory SQUID-2002:3
    Squid Proxy Cache Security Update Advisory

    Source: XF
    Type: UNKNOWN
    squid-ftp-dir-bo(9481)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:squid-cache:squid:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4.stable1:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4.stable2:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4.stable4:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4.stable6:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2002-0713 (CCN-9482)

    Assigned:2002-07-03
    Published:2002-07-03
    Updated:2002-07-03
    Summary:Squid is vulnerable to a buffer overflow in the MSNT auth helper component. Under certain configurations, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the proxy server to crash.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availibility (A): Low
    CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availibility (A): Partial
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availibility (A): Partial
    Vulnerability Consequences:Gain Access
    References:Source: CCN
    Type: SCO Security Advisory CSSA-2003-SCO.9
    Buffer overflows and other security vulnerabilities in Squid

    Source: CCN
    Type: VulnWatch Mailing List, Mon Jun 03 2002 - 21:25:18 CDT
    [DER #11] - Remotey exploitable fmt string bug in squid

    Source: MITRE
    Type: CNA
    CVE-2002-0713

    Source: CCN
    Type: Conectiva Linux Announcement CLSA-2002:506
    squid

    Source: CCN
    Type: RHSA-2002-051
    New Squid packages available

    Source: CCN
    Type: RHSA-2002-130
    squid security update

    Source: CCN
    Type: BID-5155
    Squid MSNT Auth Helper Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-5156
    Squid FTP Directory Parsing Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-5157
    Squid Gopher Proxy Buffer Overflow Vulnerability

    Source: CCN
    Type: Squid Proxy Cache Security Update Advisory SQUID-2002:3
    Squid Proxy Cache Security Update Advisory

    Source: CCN
    Type: Trustix Secure Linux Security Advisory #2002-0062
    squid

    Source: XF
    Type: UNKNOWN
    squid-msnt-helper-bo(9482)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:squid-cache:squid:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4.stable1:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4.stable2:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4.stable4:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4.stable6:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.4:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.5:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_connectivity_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:pseries:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:iseries:*

    • * Denotes that component is vulnerable
    BACK
    squid squid *
    squid-cache squid 2.1
    squid-cache squid 2.2
    squid-cache squid 2.4
    squid-cache squid 2.4.stable1
    squid-cache squid 2.3
    squid-cache squid 2.4.stable2
    squid-cache squid 2.0
    squid-cache squid 2.4.stable4
    squid-cache squid 2.4.stable6
    redhat linux 6.2
    freebsd ports collection *
    redhat linux 7
    conectiva linux 6.0
    redhat linux 7.1
    conectiva linux 7.0
    redhat linux 7.2
    conectiva linux 8.0
    redhat linux 7.3
    redhat enterprise linux 2.1
    squid-cache squid 2.1
    squid-cache squid 2.2
    squid-cache squid 2.4
    squid-cache squid 2.4.stable1
    squid-cache squid 2.3
    squid-cache squid 2.4.stable2
    squid-cache squid 2.0
    squid-cache squid 2.4.stable4
    squid-cache squid 2.4.stable6
    redhat linux 6.2
    redhat linux 7
    conectiva linux 6.0
    redhat linux 7.1
    conectiva linux 7.0
    redhat linux 7.2
    conectiva linux 8.0
    redhat linux 7.3
    redhat enterprise linux 2.1
    squid-cache squid 2.1
    squid-cache squid 2.2
    squid-cache squid 2.4
    squid-cache squid 2.4.stable1
    squid-cache squid 2.3
    squid-cache squid 2.4.stable2
    squid-cache squid 2.0
    squid-cache squid 2.4.stable4
    squid-cache squid 2.4.stable6
    redhat linux 6.2
    suse suse linux 6.4
    mandrakesoft mandrake linux 7.1
    trustix secure linux 1.1
    redhat linux 7
    mandrakesoft mandrake linux 7.2
    suse suse linux 7.0
    conectiva linux 6.0
    mandrakesoft mandrake linux corporate server 1.0.1
    suse suse linux 7.1
    redhat linux 7.1
    trustix secure linux 1.2
    mandrakesoft mandrake linux 8.0
    mandrakesoft mandrake single network firewall 7.2
    suse suse linux 7.2
    conectiva linux 7.0
    trustix secure linux 1.5
    mandrakesoft mandrake linux 8.1
    redhat linux 7.2
    suse suse linux 7.3
    suse suse linux connectivity server *
    mandrakesoft mandrake linux 8.2
    suse suse linux 8.0
    conectiva linux 8.0
    redhat linux 7.3
    novell suse linux enterprise server *
    redhat enterprise linux 2.1
    redhat linux 7.1
    redhat linux 7.1