CVE-2005-3258
CVSS5.0
发布时间 :2005-10-20 06:02:00
修订时间 :2011-03-07 21:26:08
NMCOPS    

[原文]The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses.


[CNNVD]Squid FTP服务器响应拒绝服务漏洞(CNNVD-200510-159)

        Squid Cache(简称为Squid)是一个流行的自由软件(GNU通用公共许可证)的代理服务器和Web缓存服务器。
        Squid 2.5 STABLE11及之前版本的ftp.c 中的rfc1738_do_escape函数允许远程FTP服务器借助特定的"odd" 响应,引起拒绝服务(分段故障)。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:squid:squid:2.5.6
cpe:/a:squid:squid:2.1.patch2
cpe:/a:squid:squid:2.2.stable5
cpe:/a:squid:squid:2.1.release
cpe:/a:squid:squid:2.3.stable3
cpe:/a:squid:squid:2.5.stable9
cpe:/a:squid:squid:2.5.stable4
cpe:/a:squid:squid:2.2.stable1
cpe:/a:squid:squid:2.4.stable2
cpe:/a:squid:squid:2.3.stable2
cpe:/a:squid:squid:2.5.stable11
cpe:/a:squid:squid:2.2.stable2
cpe:/a:squid:squid:2.5.stable10
cpe:/a:squid:squid:2.4.stable4
cpe:/a:squid:squid:2.2.pre2
cpe:/a:squid:squid:2.4.stable7
cpe:/a:squid:squid:2.3.stable4
cpe:/a:squid:squid:2.3.devel3
cpe:/a:squid:squid:2.1.pre4
cpe:/a:squid:squid:2.5.stable6
cpe:/a:squid:squid:2.0.patch2
cpe:/a:squid:squid:2.5.stable8
cpe:/a:squid:squid:2.5.stable7
cpe:/a:squid:squid:2.2.devel4
cpe:/a:squid:squid:2.0.release
cpe:/a:squid:squid:2.2.stable4
cpe:/a:squid:squid:2.4.stable3
cpe:/a:squid:squid:2.5.stable5
cpe:/a:squid:squid:2.4
cpe:/a:squid:squid:2.5.stable2
cpe:/a:squid:squid:2.1.pre3
cpe:/a:squid:squid:2.5.stable3
cpe:/a:squid:squid:2.0.patch1
cpe:/a:squid:squid:2.1.patch1
cpe:/a:squid:squid:2.2.stable3
cpe:/a:squid:squid:2.2.pre1
cpe:/a:squid:squid:2.4.stable6
cpe:/a:squid:squid:2.3.stable5
cpe:/a:squid:squid:2.0.pre1
cpe:/a:squid:squid:2.1.pre1
cpe:/a:squid:squid:2.2.devel3
cpe:/a:squid:squid:2.5.stable1
cpe:/a:squid:squid:2.3.devel2
cpe:/a:squid:squid:2.4.stable1
cpe:/a:squid:squid:2.3.stable1

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3258
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3258
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200510-159
(官方数据源) CNNVD

- 其它链接及资源

http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape
(PATCH)  CONFIRM  http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape
http://www.vupen.com/english/advisories/2005/2151
(UNKNOWN)  SECTRACK  1015085
http://www.novell.com/linux/security/advisories/2005_27_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2005:027
http://securitytracker.com/id?1015085
(UNKNOWN)  SECTRACK  1015085
http://secunia.com/advisories/17645
(UNKNOWN)  SECUNIA  17645
http://secunia.com/advisories/17626
(UNKNOWN)  SECUNIA  17626
http://secunia.com/advisories/17513
(UNKNOWN)  SECUNIA  17513
http://secunia.com/advisories/17407
(UNKNOWN)  SECUNIA  17407
http://secunia.com/advisories/17338
(UNKNOWN)  SECUNIA  17338
http://secunia.com/advisories/17287
(UNKNOWN)  SECUNIA  17287
http://secunia.com/advisories/17271
(UNKNOWN)  SECUNIA  17271

- 漏洞信息

Squid FTP服务器响应拒绝服务漏洞
中危 输入验证
2005-10-20 00:00:00 2005-10-20 00:00:00
远程  
        Squid Cache(简称为Squid)是一个流行的自由软件(GNU通用公共许可证)的代理服务器和Web缓存服务器。
        Squid 2.5 STABLE11及之前版本的ftp.c 中的rfc1738_do_escape函数允许远程FTP服务器借助特定的"odd" 响应,引起拒绝服务(分段故障)。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        IPCop IPCop 1.4.1
        IPCop ipcop-sources-1.4.10.tgz
        http://prdownloads.sourceforge.net/ipcop/ipcop-sources-1.4.10.tgz?download
        IPCop IPCop 1.4.2
        IPCop ipcop-sources-1.4.10.tgz
        http://prdownloads.sourceforge.net/ipcop/ipcop-sources-1.4.10.tgz?download
        IPCop IPCop 1.4.4
        IPCop ipcop-sources-1.4.10.tgz
        http://prdownloads.sourceforge.net/ipcop/ipcop-sources-1.4.10.tgz?download
        IPCop IPCop 1.4.5
        IPCop ipcop-sources-1.4.10.tgz
        http://prdownloads.sourceforge.net/ipcop/ipcop-sources-1.4.10.tgz?download
        IPCop IPCop 1.4.6
        IPCop ipcop-sources-1.4.10.tgz
        http://prdownloads.sourceforge.net/ipcop/ipcop-sources-1.4.10.tgz?download
        IPCop IPCop 1.4.8
        IPCop ipcop-sources-1.4.10.tgz
        http://prdownloads.sourceforge.net/ipcop/ipcop-sources-1.4.10.tgz?download
        IPCop IPCop 1.4.9
        IPCop ipcop-sources-1.4.10.tgz
        http://prdownloads.sourceforge.net/ipcop/ipcop-sources-1.4.10.tgz?download
        Squid Web Proxy Cache 2.5 .STABLE5
        Conectiva squid-2.5.5-77559U10_13cl.i386.rpm
        Version: 10.0
        ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-2.5.5-77559U10_13cl.i386.rpm
        Conectiva squid-auth-2.5.5-77559U10_13cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-auth-2.5.5-77559U10_13cl.i386.rpm
        Conectiva squid-auth-2.5.5-77559U10_13cl.i386.rpm
        Version: 10.0
        ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-auth-2.5.5-77559U10_13cl.i386.rpm
        Conectiva squid-extra-templates-2.5.5-77559U10_13cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-extra-templates-2.5.5-77559U10_13cl.i386.rpm
        Conectiva squid-extra-templates-2.5.5-77559U10_13cl.i386.rpm
        Version: 10.0
        ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-extra-templates-2.5.5-77559U10_13cl.i386.rpm
        Conectiva squid-2.5.5-77559U10_13cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-2.5.5-77559U10_13cl.i386.rpm

- 漏洞信息 (F41214)

SCOSA-2005.44.txt (PacketStormID:F41214)
2005-11-03 00:00:00
SCO  sco.com
advisory,remote,denial of service
CVE-2005-2794,CVE-2005-2796,CVE-2005-2917,CVE-2005-3258
[点击下载]

SCO Security Advisory - store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING. The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests. Squid versions 2.5.STABLE10 and below, while performing NTLM authentication, do not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

 			SCO Security Advisory

Subject:		UnixWare 7.1.4 : Squid Denial of Service
Advisory number: 	SCOSA-2005.44
Issue date: 		2005 November 01
Cross reference:	fz533116 fz533151 fz533254
 			CAN-2005-2794 CAN-2005-2796 CVE-2005-2917 CVE-2005-3258
______________________________________________________________________________


1. Problem Description

 	store.c in Squid 2.5.STABLE10 and earlier allows remote
 	attackers to cause a denial of service (crash) via certain
 	aborted requests that trigger an assert error related to
 	STORE_PENDING.

 	The Common Vulnerabilities and Exposures project (cve.mitre.org)
 	has assigned the name CAN-2005-2794 to this issue.

 	The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10
 	and earlier allows remote attackers to cause a denial of service
 	(segmentation fault) via certain crafted requests.

 	The Common Vulnerabilities and Exposures project (cve.mitre.org)
 	has assigned the name CAN-2005-2796 to this issue.

 	Squid 2.5.STABLE10 and earlier, while performing NTLM
 	authentication, does not properly handle certain request
 	sequences, which allows attackers to cause a denial of service
 	(daemon restart).

 	The Common Vulnerabilities and Exposures project (cve.mitre.org)
 	has assigned the name CVE-2005-2917 to this issue

 	The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11
 	and earlier allows remote FTP servers to cause a denial of
 	service (segmentation fault) via certain "odd" responses.

 	The Common Vulnerabilities and Exposures project (cve.mitre.org)
 	has assigned the name CVE-2005-3258 to this issue.


2. Vulnerable Supported Versions

 	System				Binaries
 	----------------------------------------------------------------------
 	UnixWare 7.1.4 			squid 2.5.STABLE12 distribution


3. Solution

 	The proper solution is to install the latest packages.


4. UnixWare 7.1.4

 	4.1 Location of Fixed Binaries

 	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.44


 	4.2 Verification

 	32fd0223233496f737e85a9aa31f00a4  squid-2.5.STABLE12.image

 	md5 is available for download from
 		ftp://ftp.sco.com/pub/security/tools


 	4.3 Installing Fixed Binaries

 	Upgrade the affected binaries with the following sequence:

 	Download squid-2.5.STABLE12.image to the /var/spool/pkg directory

 	# pkgadd -d /var/spool/pkg/squid-2.5.STABLE12.image


5. References

 	Specific references for this advisory:
 		http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING
 		http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout
 		http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape
 		http://securitytracker.com/id?1014846
 		http://secunia.com/advisories/16992
 		http://secunia.com/advisories/17271
 		http://www.frsirt.com/english/advisories/2005/2151

 	SCO security resources:
 		http://www.sco.com/support/security/index.html

 	SCO security advisories via email
 		http://www.sco.com/support/forums/security.html

 	This security fix closes SCO incidents fz533116 fz533151
 	fz533254.


6. Disclaimer

 	SCO is not responsible for the misuse of any of the information
 	we provide on this website and/or through our security
 	advisories. Our advisories are a service to our customers
 	intended to promote secure installation and use of SCO
 	products.


______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (UnixWare)

iD8DBQFDaO04aqoBO7ipriERAskPAKCezWSWi/+glMAT2NvdDRyEfjrTywCfTA55
uYqqvxwQCux9I7+3y8RADIY=
=tG9W
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息

20117
Squid FTP Server rfc1738_do_escape() Function DoS
Denial of Service
Loss of Availability

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-10-18 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Squid FTP Server Response Denial Of Service Vulnerability
Input Validation Error 15157
Yes No
2005-10-20 12:00:00 2006-04-04 05:08:00
"Martin Stransky" <stransky@redhat.com> has reported this vulnerability.

- 受影响的程序版本

SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
Squid Web Proxy Cache 2.5 .STABLE9
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.2 x86_64
+ Mandriva Linux Mandrake 10.2
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
Squid Web Proxy Cache 2.5 .STABLE6
+ Mandriva Linux Mandrake 10.1 x86_64
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
+ Turbolinux Appliance Server 1.0 Workgroup Edition
+ Turbolinux Appliance Server 1.0 Hosting Edition
+ Turbolinux Appliance Server Hosting Edition 1.0
+ Turbolinux Appliance Server Workgroup Edition 1.0
+ Turbolinux Turbolinux Server 10.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
Squid Web Proxy Cache 2.5 .STABLE5
+ Conectiva Linux 10.0
+ Conectiva Linux 9.0
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Squid Web Proxy Cache 2.5 .STABLE4
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ OpenPKG OpenPKG 2.0
+ OpenPKG OpenPKG Current
Squid Web Proxy Cache 2.5 .STABLE3
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ OpenPKG OpenPKG 1.3
+ Red Hat Enterprise Linux AS 3
+ Red Hat Fedora Core1
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
Squid Web Proxy Cache 2.5 .STABLE10
Squid Web Proxy Cache 2.5 .STABLE10
Squid Web Proxy Cache 2.4 .STABLE7
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux Advanced Work Station 2.1
Squid Web Proxy Cache 2.4 .STABLE4
SCO Unixware 7.1.4
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Openexchange Server
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
Red Hat Fedora Core4
Red Hat Fedora Core3
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
IPCop IPCop 1.4.9
IPCop IPCop 1.4.8
IPCop IPCop 1.4.6
IPCop IPCop 1.4.5
IPCop IPCop 1.4.4
IPCop IPCop 1.4.2
IPCop IPCop 1.4.1
Conectiva Linux 10.0
IPCop IPCop 1.4.10

- 不受影响的程序版本

IPCop IPCop 1.4.10

- 漏洞讨论

Squid is prone to a remote denial-of-service vulnerability. This is due to a flaw in the way that Squid communicates with FTP servers.

This issue has been reported in Squid version 2.5 and prior.

- 漏洞利用

No exploit is required to leverage this issue.

- 解决方案


Please see the referenced advisories for further information.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.commailto:vuldb@securityfocus.com


IPCop IPCop 1.4.1

IPCop IPCop 1.4.2

IPCop IPCop 1.4.4

IPCop IPCop 1.4.5

IPCop IPCop 1.4.6

IPCop IPCop 1.4.8

IPCop IPCop 1.4.9

Squid Web Proxy Cache 2.5 .STABLE5

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站