Vulnerability CVE-2005-0094 - CERT Civis.Net

Vulnerability Name:

CVE-2005-0094 (CCN-18888)

Assigned:

2005-01-12

Published:

2005-01-12

Updated:

2017-10-11

Summary:

Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: CCN
Type: SGI Security Advisory 20050207-01-U
SGI Advanced Linux Environment 3 Security Update #27

Source: MITRE
Type: CNA
CVE-2005-0094

Source: CONECTIVA
Type: Vendor Advisory
CLA-2005:923

Source: FEDORA
Type: UNKNOWN
FLSA-2006:152809

Source: CCN
Type: RHSA-2005-060
squid security update

Source: CCN
Type: RHSA-2005-061
squid security update

Source: CCN
Type: SA13825
Squid Two Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
13825

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200501-25

Source: CCN
Type: CIAC Information Bulletin P-138
Updated Squid Package Fixes Security Issues

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-651

Source: DEBIAN
Type: DSA-651
squid -- buffer overflow

Source: CCN
Type: GLSA-200501-25
Squid: Multiple vulnerabilities

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2005:014

Source: SUSE
Type: Vendor Advisory
SUSE-SA:2005:006

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2005:060

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2005:061

Source: BID
Type: UNKNOWN
12276

Source: CCN
Type: BID-12276
Squid Proxy Gopher To HTML Remote Buffer Overflow Vulnerability

Source: CCN
Type: Squid Web Proxy Cache Web site
Squid Web Proxy Cache

Source: CONFIRM
Type: Exploit, Vendor Advisory
http://www.squid-cache.org/Advisories/SQUID-2005_1.txt

Source: CONFIRM
Type: Vendor Advisory
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-gopher_html_parsing.patch

Source: TRUSTIX
Type: Vendor Advisory
2005-0003

Source: CCN
Type: TLSA-2005-24
Multiple vulnerabilities exist in Squid

Source: CCN
Type: USN-67-1
Squid vulnerabilities

Source: XF
Type: UNKNOWN
squid-gophertohtml-bo(18888)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11146

Source: SUSE
Type: SUSE-SA:2005:006
squid: remote command execution

Source: SUSE
Type: SUSE-SR:2005:003
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:squid:squid:2.0_patch2:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.1_patch2:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.3_.stable4:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.3_.stable5:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.3_stable5:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.4:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.4_.stable2:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.4_.stable6:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.4_.stable7:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.4_stable7:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5.6:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5.stable1:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5.stable2:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5.stable3:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5.stable4:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5.stable5:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5.stable6:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5.stable7:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5_stable3:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5_stable4:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5_stable9:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.6.stable1:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:squid-cache:squid:2.4:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable5:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable7:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable9:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.4.stable2:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.4.stable6:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable4:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable3:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable1:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.4.stable7:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable2:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.6.stable1:*:*:*:*:*:*:*

AND

cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*

OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20050094	V	CVE-2005-0094	2022-05-20
oval:org.opensuse.security:def:42440	P	Security update for python3 (Moderate)	2022-04-19
oval:org.opensuse.security:def:31375	P	Security update for libvirt (Important)	2022-01-10
oval:org.opensuse.security:def:26186	P	Security update for libqt4 (Important)	2021-12-22
oval:org.opensuse.security:def:31717	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:31301	P	Security update for samba (Important)	2021-11-19
oval:org.opensuse.security:def:32214	P	Security update for pcre (Moderate)	2021-11-10
oval:org.opensuse.security:def:32215	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:26159	P	Security update for systemd (Moderate)	2021-11-04
oval:org.opensuse.security:def:42229	P	Security update for util-linux (Moderate)	2021-10-20
oval:org.opensuse.security:def:31290	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-10-18
oval:org.opensuse.security:def:31289	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-10-18
oval:org.opensuse.security:def:26148	P	Security update for javapackages-tools, javassist, mysql-connector-java, protobuf, python-python-gflags (Important)	2021-10-15
oval:org.opensuse.security:def:26129	P	Security update for gtk-vnc (Moderate)	2021-09-16
oval:org.opensuse.security:def:32996	P	Security update for xerces-c (Important)	2021-09-03
oval:org.opensuse.security:def:32165	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:26104	P	Security update for libcares2 (Important)	2021-08-16
oval:org.opensuse.security:def:31656	P	Security update for systemd (Important)	2021-07-21
oval:org.opensuse.security:def:26090	P	Security update for systemd (Moderate)	2021-07-20
oval:org.opensuse.security:def:32128	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:42702	P	squid3-3.1.12-8.16.20.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36295	P	squid3-3.1.12-8.16.20.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:32109	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:26051	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:26048	P	Security update for the Linux Kernel (Important)	2021-05-13
oval:org.opensuse.security:def:32071	P	Security update for qemu (Important)	2021-04-16
oval:org.opensuse.security:def:32065	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-04-07
oval:org.opensuse.security:def:26212	P	Security update for python3 (Moderate)	2021-03-19
oval:org.opensuse.security:def:32275	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-03-17
oval:org.opensuse.security:def:31743	P	Security update for python (Moderate)	2021-03-16
oval:org.opensuse.security:def:32253	P	Security update for python (Important)	2021-02-11
oval:org.opensuse.security:def:32957	P	Security update for postgresql, postgresql12, postgresql13 (Important)	2021-01-26
oval:org.opensuse.security:def:32004	P	Security update for postgresql12 (Important)	2020-12-04
oval:org.opensuse.security:def:35822	P	squid3-3.1.12-8.10.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:36033	P	squid3-3.1.12-8.12.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:31511	P	Security update for python27-urllib3, python27-boto3, python27-botocore, python27-s3transfer (Moderate)	2020-12-01
oval:org.opensuse.security:def:25949	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:26620	P	openssh on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26314	P	Security update for iperf (Moderate)	2020-12-01
oval:org.opensuse.security:def:25844	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31809	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31507	P	Security update for python27 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32427	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:27293	P	squid3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25920	P	Security update for gstreamer-plugins-base (Moderate)	2020-12-01
oval:org.opensuse.security:def:26996	P	nfs-client on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25594	P	Security update for targetcli-fb (Moderate)	2020-12-01
oval:org.opensuse.security:def:32537	P	kdelibs4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25373	P	Security update for libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:25867	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:25576	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26474	P	Security update for znc (Moderate)	2020-12-01
oval:org.opensuse.security:def:33219	P	openvpn on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31773	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:32319	P	Security update for ruby (Moderate)	2020-12-01
oval:org.opensuse.security:def:31500	P	Security update for python-paramiko (Moderate)	2020-12-01
oval:org.opensuse.security:def:25798	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:26576	P	krb5-plugin-kdb-ldap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26300	P	Security update for gimp (Moderate)	2020-12-01
oval:org.opensuse.security:def:32786	P	squid3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32371	P	Security update for tcpdump (Moderate)	2020-12-01
oval:org.opensuse.security:def:27258	P	pam_ldap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25856	P	Security update for gd (Important)	2020-12-01
oval:org.opensuse.security:def:31953	P	Security update for gstreamer-0_10-plugins-base (Moderate)	2020-12-01
oval:org.opensuse.security:def:25583	P	Security update for python36 (Important)	2020-12-01
oval:org.opensuse.security:def:32515	P	fuse on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25372	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:25786	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31955	P	Security update for gstreamer-0_10-plugins-good (Important)	2020-12-01
oval:org.opensuse.security:def:26821	P	squid3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25448	P	Security update for python3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26421	P	Security update for hdf5 (Important)	2020-12-01
oval:org.opensuse.security:def:32581	P	mutt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31762	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26008	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31499	P	Security update for python-paramiko (Important)	2020-12-01
oval:org.opensuse.security:def:25714	P	Security update for libpng16 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26562	P	gtk2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31979	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:26261	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:31585	P	Security update for tcpdump (Moderate)	2020-12-01
oval:org.opensuse.security:def:26002	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:32747	P	man on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26358	P	Security update for Mozilla Thunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:25845	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:31866	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:25582	P	Security update for libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:31599	P	Security update for tiff (Low)	2020-12-01
oval:org.opensuse.security:def:32476	P	Security update for yast2-storage (Moderate)	2020-12-01
oval:org.opensuse.security:def:27031	P	squid3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25658	P	Security update for liblouis (Low)	2020-12-01
oval:org.opensuse.security:def:31899	P	Security update for MozillaFirefox, firefox-glib2, firefox-gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:26786	P	mutt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25384	P	Security update for java-1_7_1-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:26270	P	Security update for mariadb-100 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31761	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25924	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32043	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25657	P	Security update for graphviz (Low)	2020-12-01
oval:org.opensuse.security:def:26523	P	apache2-mod_perl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33258	P	squid3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31847	P	Security update for clamav (Moderate)	2020-12-01
oval:org.mitre.oval:def:11146	V	Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses.	2013-04-29
oval:com.redhat.rhsa:def:20050060	P	RHSA-2005:060: squid security update (Important)	2005-02-15
oval:com.redhat.rhsa:def:20050061	P	RHSA-2005:061: squid security update (Important)	2005-02-11
oval:org.debian:def:651	V	buffer overflow, integer overflow	2005-01-20