Vulnerability Name: | CVE-2005-0095 (CCN-18884) |
Assigned: | 2005-01-12 |
Published: | 2005-01-12 |
Updated: | 2017-10-11 |
Summary: | The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers. |
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) |
Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): None; Integrity (I): None; Availability (A): Low |
|
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P) |
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): None; Integrity (I): None; Availability (A): Partial |
| 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P) |
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): None; Integrity (I): None; Availability (A): Partial |
|
Vulnerability Type: | CWE-Other
|
Vulnerability Consequences: | Denial of Service |
References: | Source: MITRE Type: CNA CVE-2005-0095
Source: CONECTIVA Type: Patch, Vendor Advisory CLA-2005:923
Source: FEDORA Type: UNKNOWN FLSA-2006:152809
Source: CCN Type: RHSA-2005-060 squid security update
Source: CCN Type: RHSA-2005-061 squid security update
Source: CCN Type: SA13825 Squid Two Vulnerabilities
Source: SECUNIA Type: Patch, Vendor Advisory 13825
Source: GENTOO Type: Patch, Vendor Advisory GLSA-200501-25
Source: CCN Type: SECTRACK ID: 1012882 Squid Input Validation Error in Processing WCCP Messages Lets Remote Users Crash Squid
Source: SECTRACK Type: UNKNOWN 1012882
Source: CCN Type: CIAC Information Bulletin P-138 Updated Squid Package Fixes Security Issues
Source: DEBIAN Type: Patch, Vendor Advisory DSA-651
Source: DEBIAN Type: DSA-651 squid -- buffer overflow
Source: CCN Type: GLSA-200501-25 Squid: Multiple vulnerabilities
Source: MANDRAKE Type: UNKNOWN MDKSA-2005:014
Source: SUSE Type: Patch, Vendor Advisory SUSE-SA:2005:006
Source: OSVDB Type: UNKNOWN 12886
Source: CCN Type: OSVDB ID: 12886 Squid Malformed WCCP_I_SEE_YOU Message DoS
Source: REDHAT Type: Patch, Vendor Advisory RHSA-2005:060
Source: REDHAT Type: Patch, Vendor Advisory RHSA-2005:061
Source: BID Type: UNKNOWN 12275
Source: CCN Type: BID-12275 Squid Proxy Web Cache Communication Protocol Denial Of Service Vulnerability
Source: CONFIRM Type: Patch, Vendor Advisory http://www.squid-cache.org/Advisories/SQUID-2005_2.txt
Source: CCN Type: Squid Web Proxy Cache Web site Denial of service with forged WCCP messages
Source: CONFIRM Type: Exploit, Vendor Advisory http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patch
Source: TRUSTIX Type: Patch, Vendor Advisory 2005-0003
Source: CCN Type: TLSA-2005-24 Multiple vulnerabilities exist in Squid
Source: CCN Type: USN-67-1 Squid vulnerabilities
Source: XF Type: UNKNOWN squid-wccp-dos(18884)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:10269
Source: SUSE Type: SUSE-SA:2005:006 squid: remote command execution
Source: SUSE Type: SUSE-SR:2005:003 SUSE Security Summary Report
|
Vulnerable Configuration: | Configuration 1:
cpe:/a:squid:squid:2.0_patch2:*:*:*:*:*:*:*
OR cpe:/a:squid:squid:2.1_patch2:*:*:*:*:*:*:*
OR cpe:/a:squid:squid:2.3_.stable4:*:*:*:*:*:*:*
OR cpe:/a:squid:squid:2.3_.stable5:*:*:*:*:*:*:*
OR cpe:/a:squid:squid:2.3_stable5:*:*:*:*:*:*:*
OR cpe:/a:squid:squid:2.4:*:*:*:*:*:*:*
OR cpe:/a:squid:squid:2.4_.stable2:*:*:*:*:*:*:*
OR cpe:/a:squid:squid:2.4_.stable6:*:*:*:*:*:*:*
OR cpe:/a:squid:squid:2.4_.stable7:*:*:*:*:*:*:*
OR cpe:/a:squid:squid:2.4_stable7:*:*:*:*:*:*:*
OR cpe:/a:squid:squid:2.5.6:*:*:*:*:*:*:*
OR cpe:/a:squid:squid:2.5.stable1:*:*:*:*:*:*:*
OR cpe:/a:squid:squid:2.5.stable2:*:*:*:*:*:*:*
OR cpe:/a:squid:squid:2.5.stable3:*:*:*:*:*:*:*
OR cpe:/a:squid:squid:2.5.stable4:*:*:*:*:*:*:*
OR cpe:/a:squid:squid:2.5.stable5:*:*:*:*:*:*:*
OR cpe:/a:squid:squid:2.5.stable6:*:*:*:*:*:*:*
OR cpe:/a:squid:squid:2.5.stable7:*:*:*:*:*:*:*
OR cpe:/a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*
OR cpe:/a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*
OR cpe:/a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*
OR cpe:/a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*
OR cpe:/a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*
OR cpe:/a:squid:squid:2.5_stable3:*:*:*:*:*:*:*
OR cpe:/a:squid:squid:2.5_stable4:*:*:*:*:*:*:*
OR cpe:/a:squid:squid:2.5_stable9:*:*:*:*:*:*:*
OR cpe:/a:squid:squid:2.6.stable1:*:*:*:*:*:*:*
Configuration RedHat 1:
cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/a:squid-cache:squid:2.4:*:*:*:*:*:*:*
OR cpe:/a:squid-cache:squid:2.5.stable5:*:*:*:*:*:*:*
OR cpe:/a:squid-cache:squid:2.5.stable7:*:*:*:*:*:*:*
OR cpe:/a:squid-cache:squid:2.5.stable9:*:*:*:*:*:*:*
OR cpe:/a:squid-cache:squid:2.4.stable2:*:*:*:*:*:*:*
OR cpe:/a:squid-cache:squid:2.4.stable6:*:*:*:*:*:*:*
OR cpe:/a:squid-cache:squid:2.5.stable4:*:*:*:*:*:*:*
OR cpe:/a:squid-cache:squid:2.5.stable3:*:*:*:*:*:*:*
OR cpe:/a:squid-cache:squid:2.5.stable1:*:*:*:*:*:*:*
OR cpe:/a:squid-cache:squid:2.4.stable7:*:*:*:*:*:*:*
OR cpe:/a:squid-cache:squid:2.5.stable2:*:*:*:*:*:*:*
OR cpe:/a:squid-cache:squid:2.6.stable1:*:*:*:*:*:*:*
AND
cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*
OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:*
OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*
OR cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64:*:*:*:*:*
OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*
OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:* |
squid squid 2.0_patch2
squid squid 2.1_patch2
squid squid 2.3_.stable4
squid squid 2.3_.stable5
squid squid 2.3_stable5
squid squid 2.4
squid squid 2.4_.stable2
squid squid 2.4_.stable6
squid squid 2.4_.stable7
squid squid 2.4_stable7
squid squid 2.5.6
squid squid 2.5.stable1
squid squid 2.5.stable2
squid squid 2.5.stable3
squid squid 2.5.stable4
squid squid 2.5.stable5
squid squid 2.5.stable6
squid squid 2.5.stable7
squid squid 2.5_.stable1
squid squid 2.5_.stable3
squid squid 2.5_.stable4
squid squid 2.5_.stable5
squid squid 2.5_.stable6
squid squid 2.5_stable3
squid squid 2.5_stable4
squid squid 2.5_stable9
squid squid 2.6.stable1
squid-cache squid 2.4
squid-cache squid 2.5.stable5
squid-cache squid 2.5.stable7
squid-cache squid 2.5.stable9
squid-cache squid 2.4.stable2
squid-cache squid 2.4.stable6
squid-cache squid 2.5.stable4
squid-cache squid 2.5.stable3
squid-cache squid 2.5.stable1
squid-cache squid 2.4.stable7
squid-cache squid 2.5.stable2
squid-cache squid 2.6.stable1
debian debian linux 3.0
gentoo linux *
suse suse linux 8.1
suse linux enterprise server 8
mandrakesoft mandrake linux corporate server 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
suse suse linux 8.2
redhat enterprise linux 2.1
suse suse linux 9.0
mandrakesoft mandrake linux 9.2
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
mandrakesoft mandrake linux 10.0
suse suse linux 9.1
redhat enterprise linux 3
suse suse linux 9.2
mandrakesoft mandrake linux 10.1
mandrakesoft mandrake linux corporate server 3.0
redhat enterprise linux 4
redhat enterprise linux 4
redhat enterprise linux 4
redhat enterprise linux 4
redhat linux advanced workstation 2.1
mandrakesoft mandrake linux 10.1
mandrakesoft mandrake linux 9.2
mandrakesoft mandrake linux 10.0
mandrakesoft mandrake linux corporate server 2.1