Vulnerability CVE-2005-0211

Vulnerability Name:

CVE-2005-0211 (CCN-19142)

Assigned:

2005-01-28

Published:

2005-01-28

Updated:

2018-10-12

Summary:

Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-119

Vulnerability Consequences:

Denial of Service

References:

Source: CCN
Type: SGI Security Advisory 20050207-01-U
SGI Advanced Linux Environment 3 Security Update #27

Source: MITRE
Type: CNA
CVE-2005-0211

Source: FEDORA
Type: Broken Link
FLSA-2006:152809

Source: BUGTRAQ
Type: Third Party Advisory
20050207 [USN-77-1] Squid vulnerabilities

Source: CCN
Type: RHSA-2005-060
squid security update

Source: CCN
Type: RHSA-2005-061
squid security update

Source: CCN
Type: SA14076
Squid WCCP Message Handling Buffer Overflow Vulnerability

Source: SECUNIA
Type: Permissions Required
14076

Source: CCN
Type: SECTRACK ID: 1013045
Squid Buffer Overflow in WCCP recvfrom() Lets Remote Users Deny Service

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1013045

Source: CCN
Type: CIAC Information Bulletin P-138
Updated Squid Package Fixes Security Issues

Source: DEBIAN
Type: Patch, Third Party Advisory
DSA-667

Source: DEBIAN
Type: DSA-667
squid -- several vulnerabilities

Source: CCN
Type: GLSA-200502-04
Squid: Multiple vulnerabilities

Source: CCN
Type: US-CERT VU#886006
Squid vulnerable to buffer overflow via an overly long WCCP message

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#886006

Source: MANDRAKE
Type: Broken Link
MDKSA-2005:034

Source: SUSE
Type: Broken Link
SUSE-SA:2005:006

Source: OSVDB
Type: Broken Link
13319

Source: CCN
Type: OSVDB ID: 13319
Squid WCCP recvfrom() Function Overflow

Source: REDHAT
Type: Not Applicable, Third Party Advisory
RHSA-2005:060

Source: REDHAT
Type: Not Applicable, Third Party Advisory
RHSA-2005:061

Source: BID
Type: Third Party Advisory, VDB Entry
12432

Source: CCN
Type: BID-12432
Squid Proxy WCCP recvfrom() Buffer Overflow Vulnerability

Source: CCN
Type: Squid Proxy Cache Security Update Advisory SQUID-2005:3
Buffer overflow in WCCP recvfrom() call

Source: CCN
Type: Squid Web Proxy Cache Web site
Buffer overflow in WCCP recvfrom() call

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_buffer_overflow

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_buffer_overflow.patch

Source: CCN
Type: TLSA-2005-24
Multiple vulnerabilities exist in Squid

Source: CCN
Type: USN-77-1
Squid vulnerabilities

Source: XF
Type: UNKNOWN
squid-wccp-recvfrom-bo(19142)

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:9573

Source: SUSE
Type: SUSE-SA:2005:006
squid: remote command execution

Vulnerable Configuration:

Configuration 1:

cpe:/a:squid-cache:squid:2.5.stable1:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable2:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable3:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable4:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable5:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable6:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:squid-cache:squid:2.5.stable5:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable4:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable3:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable1:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable2:*:*:*:*:*:*:*

AND

cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*

OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20050211	V	CVE-2005-0211	2015-11-16
oval:org.mitre.oval:def:9573	V	Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack.	2013-04-29
oval:com.redhat.rhsa:def:20050060	P	RHSA-2005:060: squid security update (Important)	2005-02-15
oval:com.redhat.rhsa:def:20050061	P	RHSA-2005:061: squid security update (Important)	2005-02-11
oval:org.debian:def:667	V	several vulnerabilities	2005-02-04

BACK