Vulnerability Name: CVE-2005-3258 (CCN-22792)

Assigned: 2005-10-20
Published: 2005-10-20
Updated: 2011-03-08
Summary: The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): None
  Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): None
  Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): None
  Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2005-3258

Source: CCN
Type: SA17271
Squid FTP Server Response Handling Denial of Service

Source: SECUNIA
Type: UNKNOWN
17271

Source: SECUNIA
Type: UNKNOWN
17287

Source: SECUNIA
Type: UNKNOWN
17338

Source: SECUNIA
Type: UNKNOWN
17407

Source: CCN
Type: SA17513
IPCop Squid Vulnerability and Web Backup Security Issue

Source: SECUNIA
Type: UNKNOWN
17513

Source: SECUNIA
Type: UNKNOWN
17626

Source: SECUNIA
Type: UNKNOWN
17645

Source: CCN
Type: SECTRACK ID: 1015085
Squid rfc1738_do_escape() FTP Server Response Processing Bug Lets Remote Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1015085

Source: SUSE
Type: UNKNOWN
SUSE-SR:2005:027

Source: CCN
Type: OSVDB ID: 20117
Squid FTP Server rfc1738_do_escape() Function DoS

Source: CCN
Type: BID-15157
Squid FTP Server Response Denial Of Service Vulnerability

Source: CCN
Type: Squid Web site
Squid Web Proxy Cache

Source: CCN
Type: Squid 2.5 Web page
Squid-2.5 Patches

Source: CONFIRM
Type: Patch
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape

Source: CCN
Type: TLSA-2005-101
Squid denial of service attack

Source: XF
Type: UNKNOWN
squid-ftp-response-dos(22792)

Source: SUSE
Type: SUSE-SR:2005:025
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2005:027
SUSE Security Summary Report

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:squid:squid:2.0.patch1:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.0.patch2:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.0.pre1:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.0.release:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.1.patch1:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.1.patch2:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.1.pre1:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.1.pre3:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.1.pre4:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.1.release:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.2.devel3:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.2.devel4:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.2.pre1:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.2.pre2:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.2.stable1:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.2.stable2:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.2.stable3:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.2.stable4:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.2.stable5:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.3.devel2:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.3.devel3:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.3.stable1:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.3.stable2:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.3.stable3:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.3.stable4:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.3.stable5:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.4.stable1:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.4.stable2:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.4.stable3:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.4.stable4:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.4.stable6:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.4.stable7:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.5.stable1:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.5.stable2:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.5.stable3:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.5.stable4:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.5.stable5:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.5.stable6:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.5.stable7:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.5.stable8:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.5.stable9:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.5.stable10:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.5.stable11:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:squid-cache:squid:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.5.stable5:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.5.stable7:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.5.stable9:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.5.stable10:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4.stable1:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4.stable2:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4.stable3:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4.stable4:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4.stable6:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.5.stable4:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.5.stable3:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.5.stable1:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4.stable7:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.5.stable2:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.5.stable8:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.5.stable11:*:*:*:*:*:*:*
  • AND
  • cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID: oval:org.opensuse.security:def:20053258
Class: V
Title: CVE-2005-3258
Last Modified: 2015-11-16