CVE-2005-0095 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2005-0095
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2005-0095

Description: The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers.

CVE Status: Candidate

References: TRUSTIX http://www.trustix.org/errata/2005/0003/ SUSE http://www.novell.com/linux/security/advisories/2005_06_squid.html ST 1012882 SAID Secunia Advisory: SA13825 REDHAT http://www.redhat.com/support/errata/RHSA-2005-061.html http://www.redhat.com/support/errata/RHSA-2005-060.html OSVDB 12886 MANDRAKE http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:014 GENTOO http://security.gentoo.org/glsa/glsa-200501-25.xml FEDORA http://fedoranews.org/updates/FEDORA--.shtml DEBIAN http://www.debian.org/security/2005/dsa-651 CONFIRM http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patch http://www.squid-cache.org/Advisories/SQUID-2005_2.txt CONECTIVA http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923 BID 12275

Return to the previous page.