CVE-2005-0094
CVSS 5.0
Published: 2005-01-15 00:00:00
Last revised: 2010-08-21 00:25:28

[Original] Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses.


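[CNNVD] Squid gopherToHTML() Buffer Overflow Vulnerability (CNNVD-200501-247)

        Squid is an open-source, high-performance web caching and proxy program.
        The gopherToHTML function in the Gopher response parser of Squid 2.5.STABLE7 and earlier has a buffer overflow vulnerability.
        A remote malicious Gopher server can exploit this vulnerability with specially crafted responses to crash the program, causing a denial of service.

- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interruptions in resource availability]
Attack complexity: LOW [no access restrictions on exploiting the vulnerability]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]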

- CPE (Affected Platforms and Products)

cpe:/a:squid:squid:2.5.6
cpe:/a:squid:squid:2.1_patch2
cpe:/a:squid:squid:2.5_.stable3
cpe:/a:squid:squid:2.5_.stable1
cpe:/a:squid:squid:2.5.stable4
cpe:/a:squid:squid:2.3_.stable4
cpe:/a:squid:squid:2.5_stable3
cpe:/a:squid:squid:2.5_.stable4
cpe:/a:squid:squid:2.5_.stable5
cpe:/a:squid:squid:2.5_stable4
cpe:/a:squid:squid:2.5.stable6
cpe:/a:squid:squid:2.3_.stable5
cpe:/a:squid:squid:2.5.stable7
cpe:/a:squid:squid:2.5_.stable6
cpe:/a:squid:squid:2.5.stable5
cpe:/a:squid:squid:2.4
cpe:/a:squid:squid:2.4_.stable7
cpe:/a:squid:squid:2.5.stable2
cpe:/a:squid:squid:2.0_patch2
cpe:/a:squid:squid:2.5.stable3
cpe:/a:squid:squid:2.4_.stable6
cpe:/a:squid:squid:2.4_stable7
cpe:/a:squid:squid:2.5_stable9
cpe:/a:squid:squid:2.4_.stable2
cpe:/a:squid:squid:2.3_stable5
cpe:/a:squid:squid:2.5.stable1
cpe:/a:squid:squid:2.6.stable1

- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:11146 Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher ser...
*OVAL describes in detail how to detect this vulnerability; more technical details for detecting it can be found in the related OVAL definition.

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0094
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0094
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200501-247
(Official data source) CNNVD

- Other Links and Resources

http://www.redhat.com/support/errata/RHSA-2005-061.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:061
http://www.redhat.com/support/errata/RHSA-2005-060.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:060
http://www.debian.org/security/2005/dsa-651
(VENDOR_ADVISORY)  DEBIAN  DSA-651
http://security.gentoo.org/glsa/glsa-200501-25.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200501-25
http://secunia.com/advisories/13825
(VENDOR_ADVISORY)  SECUNIA  13825
http://www.trustix.org/errata/2005/0003/
(VENDOR_ADVISORY)  TRUSTIX  2005-0003
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-gopher_html_parsing.patch
(VENDOR_ADVISORY)  CONFIRM  http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-gopher_html_parsing.patch
http://www.squid-cache.org/Advisories/SQUID-2005_1.txt
(VENDOR_ADVISORY)  CONFIRM  http://www.squid-cache.org/Advisories/SQUID-2005_1.txt
http://www.novell.com/linux/security/advisories/2005_06_squid.html
(VENDOR_ADVISORY)  SUSE  SUSE-SA:2005:006
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923
(VENDOR_ADVISORY)  CONECTIVA  CLA-2005:923
http://www.securityfocus.com/bid/12276
(UNKNOWN)  BID  12276
http://www.mandriva.com/security/advisories?name=MDKSA-2005:014
(UNKNOWN)  MANDRAKE  MDKSA-2005:014
http://fedoranews.org/updates/FEDORA--.shtml
(UNKNOWN)  FEDORA  FLSA-2006:152809

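- Vulnerability Information

Squid gopherToHTML() Buffer Overflow Vulnerability
Medium severity  Buffer overflow
2005-01-15 00:00:00 2005-10-20 00:00:00
Remote
        Squid is an open-source, high-performance web caching and proxy program.
        The gopherToHTML function in the Gopher response parser of Squid 2.5.STABLE7 and earlier has a buffer overflow vulnerability.
        A remote malicious Gopher server can exploit this vulnerability with specially crafted responses to crash the program, causing a denial of service.

- Advisories and Patches

        The vendor has released an upgrade patch to fix this security issue. The patch is available at:
        http://www.squid-cache.org/Versions/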

- Vulnerability Information (F35847)

dsa-651.txt (PacketStormID:F35847)
2005-01-25 00:00:00
 
advisory,overflow
linux,debian
CVE-2005-0094,CVE-2005-0095

Debian Security Advisory 651-1 - A couple different overflows have been discovered in Squid. One is in the parser for Gopher and another is in the receiver for WCCP messages.

- --------------------------------------------------------------------------
Debian Security Advisory DSA 651-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 20th, 2005                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : squid
Vulnerability  : buffer overflow, integer overflow
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-0094 CAN-2005-0095

Several vulnerabilities have been discovered in Squid, the internet
object cache, the popular WWW proxy cache.  The Common Vulnerabilities
and Exposures Project identifies the following vulnerabilities:

CAN-2005-0094

    "infamous41md" discovered a buffer overflow in the parser for
    Gopher responses which will lead to memory corruption and usually
    crash Squid.

CAN-2005-0095

    "infamous41md" discovered an integer overflow in the receiver of
    WCCP (Web Cache Communication Protocol) messages.  An attacker
    could send a specially crafted UDP datagram that will cause Squid
    to crash.

For the stable distribution (woody) these problems have been fixed in
version 2.4.6-2woody5.

For the unstable distribution (sid) these problems have been fixed in
version 2.5.7-4.

We recommend that you upgrade your squid package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>


    

- Vulnerability Information

12887
Squid gopherToHTML() Function Remote Overflow
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown

- Vulnerability Description

A remote overflow exists in Squid. The 'gopherToHTML()' function fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request from a malicious gopher server which responds with overly long lines, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

- Timeline

2005-01-12 Unknown
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Robert Collins et al. have released a patch to address this vulnerability.

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Squid Proxy Gopher To HTML Remote Buffer Overflow Vulnerability
Boundary Condition Error 12276
Yes No
2005-01-12 12:00:00 2011-08-29 12:20:00
Ben Hawkes and infamous41md

- Affected Program Versions

Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Trustix Secure Linux 2.2
Trustix Secure Linux 2.1
Trustix Secure Linux 1.5
Trustix Secure Enterprise Linux 2.0
Squid Web Proxy Cache 2.5 .STABLE7
+ Conectiva Linux 10.0
+ Conectiva Linux 9.0
+ Gentoo Linux
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
Squid Web Proxy Cache 2.5 .STABLE6
+ MandrakeSoft Linux Mandrake 10.1 x86_64
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
+ Turbolinux Appliance Server 1.0 Workgroup Edition
+ Turbolinux Appliance Server 1.0 Hosting Edition
+ Turbolinux Appliance Server Hosting Edition 1.0
+ Turbolinux Appliance Server Workgroup Edition 1.0
+ Turbolinux Turbolinux Server 10.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
Squid Web Proxy Cache 2.5 .STABLE5
+ Conectiva Linux 10.0
+ Conectiva Linux 9.0
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Squid Web Proxy Cache 2.5 .STABLE4
+ MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Linux Mandrake 10.0 AMD64
+ MandrakeSoft Linux Mandrake 10.0
+ OpenPKG OpenPKG 2.0
+ OpenPKG OpenPKG Current
Squid Web Proxy Cache 2.5 .STABLE3
+ MandrakeSoft Linux Mandrake 9.2 amd64
+ MandrakeSoft Linux Mandrake 9.2
+ OpenPKG OpenPKG 1.3
+ Red Hat Fedora Core1
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux AS 3
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
Squid Web Proxy Cache 2.5 .STABLE1
+ MandrakeSoft Linux Mandrake 9.1 ppc
+ MandrakeSoft Linux Mandrake 9.1
+ S.u.S.E. Linux Personal 8.2
Squid Web Proxy Cache 2.4 .STABLE7
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ RedHat Enterprise Linux AS 2.1 IA64
+ RedHat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux Advanced Work Station 2.1
Squid Web Proxy Cache 2.4 .STABLE6
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
Squid Web Proxy Cache 2.4 .STABLE2
Squid Web Proxy Cache 2.4
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
Squid Web Proxy Cache 2.3 .STABLE5
Squid Web Proxy Cache 2.3 .STABLE4
Squid Web Proxy Cache 2.1 PATCH2
Squid Web Proxy Cache 2.0 PATCH2
Squid Squid Web Proxy 3.1.14
Squid Squid Web Proxy 3.1.13
Squid Squid Web Proxy 3.1
Squid Squid Web Proxy 3.0
Squid Squid Web Proxy 3.2.0.10
Squid Squid Web Proxy 3.2
Squid Squid Web Proxy 3.1
Squid Squid Web Proxy 3.0.STABLE25
SGI ProPack 3.0
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.0 i386
S.u.S.E. Linux 8.0
RedHat Linux 9.0 i386
RedHat Linux 7.3 i386
Red Hat Fedora Core2
Red Hat Fedora Core1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Conectiva Linux 10.0
Conectiva Linux 9.0
Astaro Security Linux 4.0 17
Astaro Security Linux 4.0 16
Astaro Security Linux 4.0 08
Astaro Security Linux 3.217
Astaro Security Linux 3.2 16
Astaro Security Linux 3.2 15
Astaro Security Linux 3.2 12
Astaro Security Linux 3.2 11
Astaro Security Linux 3.2 10
Astaro Security Linux 3.2 00
Astaro Security Linux 2.0 30
Astaro Security Linux 2.0 27
Astaro Security Linux 2.0 26
Astaro Security Linux 2.0 25
Astaro Security Linux 2.0 24
Astaro Security Linux 2.0 23
Astaro Security Linux 2.0 16
Squid Squid Web Proxy 3.1.15
Squid Squid Web Proxy 3.2.0.11
Squid Squid Web Proxy 3.0.STABLE26

- Unaffected Program Versions

Squid Squid Web Proxy 3.1.15
Squid Squid Web Proxy 3.2.0.11
Squid Squid Web Proxy 3.0.STABLE26

- Vulnerability Discussion

A remote buffer-overflow vulnerability affects the Gopher-to-HTML functionality of Squid Proxy. This issue is due to the application's failure to properly validate the length of user-supplied strings before copying them into static process buffers.

An attacker may exploit this issue to execute arbitrary code with the privileges of the vulnerable application. This may facilitate unauthorized access or privilege escalation.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Please see the referenced vendor advisories for more information and fixes.


Squid Web Proxy Cache 2.4 .STABLE7

Squid Web Proxy Cache 2.4 .STABLE6

Squid Web Proxy Cache 2.5 .STABLE4

Squid Web Proxy Cache 2.5 .STABLE6

Squid Web Proxy Cache 2.5 .STABLE3

Squid Web Proxy Cache 2.5 .STABLE7

Squid Web Proxy Cache 2.5 .STABLE1

Squid Web Proxy Cache 2.5 .STABLE5

SGI ProPack 3.0

- Related References

 

 
