CVE-2002-0714
CVSS 7.5
Published: 2002-07-26 00:00:00
Last revised: 2016-10-17 22:21:44

[Original] FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.


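[CNNVD] Squid FTP proxy data channel vulnerability (CNNVD-200207-090)

        The FTP proxy in Squid versions before 2.4.STABLE6 does not compare the IP addresses of the control and data connections with the FTP server, so remote attackers can bypass firewall rules or spoof FTP server responses.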

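- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (Technical details for detection)

No related OVAL definitions found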

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0714
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0714
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200207-090
(Official data source) CNNVD

- Other links and resources

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt
(UNKNOWN)  CALDERA  CSSA-2002-046.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000506
(UNKNOWN)  CONECTIVA  CLA-2002:506
http://marc.info/?l=bugtraq&m=102674543407606&w=2
(UNKNOWN)  BUGTRAQ  20020715 TSLSA-2002-0062 - squid
http://rhn.redhat.com/errata/RHSA-2002-051.html
(UNKNOWN)  REDHAT  RHSA-2002:051
http://rhn.redhat.com/errata/RHSA-2002-130.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2002:130
http://www.iss.net/security_center/static/9479.php
(UNKNOWN)  XF  squid-ftp-data-injection(9479)
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php
(PATCH)  MANDRAKE  MDKSA-2002:044
http://www.securityfocus.com/bid/5158
(UNKNOWN)  BID  5158
http://www.squid-cache.org/Advisories/SQUID-2002_3.txt
(VENDOR_ADVISORY)  CONFIRM  http://www.squid-cache.org/Advisories/SQUID-2002_3.txt
http://www.squid-cache.org/Versions/v2/2.4/bugs/
(PATCH)  CONFIRM  http://www.squid-cache.org/Versions/v2/2.4/bugs/

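- Vulnerability information

Squid FTP proxy data channel vulnerability
High risk  Design error
2002-07-26 00:00:00 2005-05-02 00:00:00
Remote
        The FTP proxy in Squid versions before 2.4.STABLE6 does not compare the IP addresses of the control and data connections with the FTP server, so remote attackers can bypass firewall rules or spoof FTP server responses.

- Advisories and patches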

        Sanity checks have been introduced into Squid as a default configuration option. The checks will prevent any attempt to carry out these attacks. If support for different control/data addresses is required, disabling the ftp_sanitycheck directive will remove the sanity checking.
        FreeBSD has released a Security Notice FreeBSD-SN-02:05. Users of FreeBSD systems are strongly urged to upgrade their ports tree to fix various reported issues. Further information can be found in the referenced Security Notice.
        Updated packages are available.
        National Science Foundation Squid Web Proxy 2.2
        National Science Foundation Squid Web Proxy 2.2 STABLE5
        National Science Foundation Squid Web Proxy 2.3 STABLE3
        National Science Foundation Squid Web Proxy 2.3 STABLE4

- Vulnerability information

5128
Squid FTP Proxy Data Channel Firewall Bypass or Hijacking

- Vulnerability description

Unknown or Incomplete

- Timeline

2004-04-08 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete
 

 
