Vulnerability CVE-2005-0718 - CERT Civis.Net

Vulnerability Name:

CVE-2005-0718 (CCN-19919)

Assigned:

2005-02-04

Published:

2005-02-04

Updated:

2018-10-03

Summary:

Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2005-0718

Source: CCN
Type: Conectiva Linus Security Announcement CLSA-2005:931
squid

Source: CONECTIVA
Type: Vendor Advisory
CLA-2005:931

Source: FEDORA
Type: UNKNOWN
FLSA-2006:152809

Source: CCN
Type: RHSA-2005-415
squid security update

Source: CCN
Type: RHSA-2005-489
squid security update

Source: CCN
Type: SA12508
Squid "clientAbortBody()" and PUT/POST Denial of Service Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
12508

Source: REDHAT
Type: UNKNOWN
RHSA-2005:415

Source: REDHAT
Type: UNKNOWN
RHSA-2005:489

Source: BID
Type: UNKNOWN
13166

Source: CCN
Type: BID-13166
Squid Proxy Aborted Connection Remote Denial Of Service Vulnerability

Source: CONFIRM
Type: Vendor Advisory
http://www.squid-cache.org/bugs/show_bug.cgi?id=1224

Source: CCN
Type: TLSA-2005-53
Squid denial of service attack

Source: CCN
Type: USN-111-1
Squid vulnerability

Source: CCN
Type: Squid Web Proxy Cache Web site
Squid-2.5 Patches

Source: CONFIRM
Type: Vendor Advisory
http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post

Source: XF
Type: UNKNOWN
squid-put-post-dos(19919)

Source: XF
Type: UNKNOWN
squid-put-post-dos(19919)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11562

Source: UBUNTU
Type: UNKNOWN
USN-111-1

Source: SUSE
Type: SUSE-SR:2005:012
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:squid:squid:2.0.patch1:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.0.patch2:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.0.pre1:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.0.release:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.0_patch2:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.1.patch1:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.1.patch2:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.1.pre1:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.1.pre3:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.1.pre4:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.1.release:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.1_patch2:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.2.devel3:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.2.devel4:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.2.pre1:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.2.pre2:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.2.stable1:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.2.stable2:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.2.stable3:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.2.stable4:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.2.stable5:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.3.devel2:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.3.devel3:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.3.stable1:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.3.stable2:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.3.stable3:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.3.stable4:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.3.stable5:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.3_.stable4:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.3_.stable5:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.3_stable5:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.4:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.4.stable1:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.4.stable2:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.4.stable3:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.4.stable4:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.4.stable6:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.4.stable7:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.4_.stable2:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.4_.stable6:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.4_.stable7:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.4_stable7:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5.6:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5.stable1:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5.stable2:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5.stable3:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5.stable4:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5.stable5:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5.stable6:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5.stable7:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5_stable3:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5_stable4:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5_stable9:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:squid-cache:squid:2.4:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable5:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable7:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable9:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.4.stable1:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.4.stable2:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.4.stable3:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.4.stable4:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.4.stable6:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable4:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable3:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable1:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.4.stable7:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable2:*:*:*:*:*:*:*

AND

cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:conectiva:linux:10:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20050718	V	CVE-2005-0718	2015-11-16
oval:org.mitre.oval:def:11562	V	Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.	2013-04-29
oval:com.redhat.rhsa:def:20050415	P	RHSA-2005:415: squid security update (Low)	2005-06-14