ID CVE-2005-0718
Summary Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.
References
Vulnerable Configurations
  • cpe:2.3:a:squid:squid:2.0.patch1
    cpe:2.3:a:squid:squid:2.0.patch1
  • cpe:2.3:a:squid:squid:2.0.patch2
    cpe:2.3:a:squid:squid:2.0.patch2
  • cpe:2.3:a:squid:squid:2.0.pre1
    cpe:2.3:a:squid:squid:2.0.pre1
  • cpe:2.3:a:squid:squid:2.0.release
    cpe:2.3:a:squid:squid:2.0.release
  • cpe:2.3:a:squid:squid:2.0_patch2
    cpe:2.3:a:squid:squid:2.0_patch2
  • cpe:2.3:a:squid:squid:2.1.patch1
    cpe:2.3:a:squid:squid:2.1.patch1
  • cpe:2.3:a:squid:squid:2.1.patch2
    cpe:2.3:a:squid:squid:2.1.patch2
  • cpe:2.3:a:squid:squid:2.1.pre1
    cpe:2.3:a:squid:squid:2.1.pre1
  • cpe:2.3:a:squid:squid:2.1.pre3
    cpe:2.3:a:squid:squid:2.1.pre3
  • cpe:2.3:a:squid:squid:2.1.pre4
    cpe:2.3:a:squid:squid:2.1.pre4
  • cpe:2.3:a:squid:squid:2.1.release
    cpe:2.3:a:squid:squid:2.1.release
  • cpe:2.3:a:squid:squid:2.1_patch2
    cpe:2.3:a:squid:squid:2.1_patch2
  • cpe:2.3:a:squid:squid:2.2.devel3
    cpe:2.3:a:squid:squid:2.2.devel3
  • cpe:2.3:a:squid:squid:2.2.devel4
    cpe:2.3:a:squid:squid:2.2.devel4
  • cpe:2.3:a:squid:squid:2.2.pre1
    cpe:2.3:a:squid:squid:2.2.pre1
  • cpe:2.3:a:squid:squid:2.2.pre2
    cpe:2.3:a:squid:squid:2.2.pre2
  • cpe:2.3:a:squid:squid:2.2.stable1
    cpe:2.3:a:squid:squid:2.2.stable1
  • cpe:2.3:a:squid:squid:2.2.stable2
    cpe:2.3:a:squid:squid:2.2.stable2
  • cpe:2.3:a:squid:squid:2.2.stable3
    cpe:2.3:a:squid:squid:2.2.stable3
  • cpe:2.3:a:squid:squid:2.2.stable4
    cpe:2.3:a:squid:squid:2.2.stable4
  • cpe:2.3:a:squid:squid:2.2.stable5
    cpe:2.3:a:squid:squid:2.2.stable5
  • cpe:2.3:a:squid:squid:2.3.devel2
    cpe:2.3:a:squid:squid:2.3.devel2
  • cpe:2.3:a:squid:squid:2.3.devel3
    cpe:2.3:a:squid:squid:2.3.devel3
  • cpe:2.3:a:squid:squid:2.3.stable1
    cpe:2.3:a:squid:squid:2.3.stable1
  • cpe:2.3:a:squid:squid:2.3.stable2
    cpe:2.3:a:squid:squid:2.3.stable2
  • cpe:2.3:a:squid:squid:2.3.stable3
    cpe:2.3:a:squid:squid:2.3.stable3
  • cpe:2.3:a:squid:squid:2.3.stable4
    cpe:2.3:a:squid:squid:2.3.stable4
  • cpe:2.3:a:squid:squid:2.3.stable5
    cpe:2.3:a:squid:squid:2.3.stable5
  • cpe:2.3:a:squid:squid:2.3_.stable4
    cpe:2.3:a:squid:squid:2.3_.stable4
  • cpe:2.3:a:squid:squid:2.3_.stable5
    cpe:2.3:a:squid:squid:2.3_.stable5
  • cpe:2.3:a:squid:squid:2.3_stable5
    cpe:2.3:a:squid:squid:2.3_stable5
  • cpe:2.3:a:squid:squid:2.4
    cpe:2.3:a:squid:squid:2.4
  • cpe:2.3:a:squid:squid:2.4.stable1
    cpe:2.3:a:squid:squid:2.4.stable1
  • cpe:2.3:a:squid:squid:2.4.stable2
    cpe:2.3:a:squid:squid:2.4.stable2
  • cpe:2.3:a:squid:squid:2.4.stable3
    cpe:2.3:a:squid:squid:2.4.stable3
  • cpe:2.3:a:squid:squid:2.4.stable4
    cpe:2.3:a:squid:squid:2.4.stable4
  • cpe:2.3:a:squid:squid:2.4.stable6
    cpe:2.3:a:squid:squid:2.4.stable6
  • cpe:2.3:a:squid:squid:2.4.stable7
    cpe:2.3:a:squid:squid:2.4.stable7
  • cpe:2.3:a:squid:squid:2.4_.stable2
    cpe:2.3:a:squid:squid:2.4_.stable2
  • cpe:2.3:a:squid:squid:2.4_.stable6
    cpe:2.3:a:squid:squid:2.4_.stable6
  • cpe:2.3:a:squid:squid:2.4_.stable7
    cpe:2.3:a:squid:squid:2.4_.stable7
  • cpe:2.3:a:squid:squid:2.4_stable7
    cpe:2.3:a:squid:squid:2.4_stable7
  • cpe:2.3:a:squid:squid:2.5.6
    cpe:2.3:a:squid:squid:2.5.6
  • cpe:2.3:a:squid:squid:2.5.stable1
    cpe:2.3:a:squid:squid:2.5.stable1
  • cpe:2.3:a:squid:squid:2.5.stable2
    cpe:2.3:a:squid:squid:2.5.stable2
  • cpe:2.3:a:squid:squid:2.5.stable3
    cpe:2.3:a:squid:squid:2.5.stable3
  • cpe:2.3:a:squid:squid:2.5.stable4
    cpe:2.3:a:squid:squid:2.5.stable4
  • cpe:2.3:a:squid:squid:2.5.stable5
    cpe:2.3:a:squid:squid:2.5.stable5
  • cpe:2.3:a:squid:squid:2.5.stable6
    cpe:2.3:a:squid:squid:2.5.stable6
  • cpe:2.3:a:squid:squid:2.5.stable7
    cpe:2.3:a:squid:squid:2.5.stable7
  • cpe:2.3:a:squid:squid:2.5_.stable1
    cpe:2.3:a:squid:squid:2.5_.stable1
  • cpe:2.3:a:squid:squid:2.5_.stable3
    cpe:2.3:a:squid:squid:2.5_.stable3
  • cpe:2.3:a:squid:squid:2.5_.stable4
    cpe:2.3:a:squid:squid:2.5_.stable4
  • cpe:2.3:a:squid:squid:2.5_.stable5
    cpe:2.3:a:squid:squid:2.5_.stable5
  • cpe:2.3:a:squid:squid:2.5_.stable6
    cpe:2.3:a:squid:squid:2.5_.stable6
  • cpe:2.3:a:squid:squid:2.5_stable3
    cpe:2.3:a:squid:squid:2.5_stable3
  • cpe:2.3:a:squid:squid:2.5_stable4
    cpe:2.3:a:squid:squid:2.5_stable4
  • cpe:2.3:a:squid:squid:2.5_stable9
    cpe:2.3:a:squid:squid:2.5_stable9
CVSS
Base: 5.0 (as of 10-06-2005 - 08:41)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-415.NASL
    description An updated squid package that fixes several security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Squid is a full-featured Web proxy cache. A race condition bug was found in the way Squid handles the now obsolete Set-Cookie header. It is possible that Squid can leak Set-Cookie header information to other clients connecting to Squid. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0626 to this issue. Please note that this issue only affected Red Hat Enterprise Linux 4. A bug was found in the way Squid handles PUT and POST requests. It is possible for an authorised remote user to cause a failed PUT or POST request which can cause Squid to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0718 to this issue. A bug was found in the way Squid processes errors in the access control list. It is possible that an error in the access control list could give users more access than intended. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1345 to this issue. A bug was found in the way Squid handles access to the cachemgr.cgi script. It is possible for an authorised remote user to bypass access control lists with this flaw. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-1999-0710 to this issue. A bug was found in the way Squid handles DNS replies. If the port Squid uses for DNS requests is not protected by a firewall it is possible for a remote attacker to spoof DNS replies, possibly redirecting a user to spoofed or malicious content. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1519 to this issue. Additionally this update fixes the following bugs: - LDAP Authentication fails with an assertion error when using Red Hat Enterprise Linux 4 Users of Squid should upgrade to this updated package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 18500
    published 2005-06-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18500
    title RHEL 3 / 4 : squid (RHSA-2005:415)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-489.NASL
    description An updated squid package that fixes several security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Squid is a full-featured Web proxy cache. A bug was found in the way Squid handles PUT and POST requests. It is possible for an authorised remote user to cause a failed PUT or POST request which can cause Squid to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0718 to this issue. A bug was found in the way Squid handles access to the cachemgr.cgi script. It is possible for an authorised remote user to bypass access control lists with this flaw. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-1999-0710 to this issue. A bug was found in the way Squid handles DNS replies. If the port Squid uses for DNS requests is not protected by a firewall, it is possible for a remote attacker to spoof DNS replies, possibly redirecting a user to spoofed or malicious content. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1519 to this issue. Additionally, this update fixes the following bugs: - squid fails in the unpacking of squid-2.4.STABLE7-1.21as.5.src.rpm Users of Squid should upgrade to this updated package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 18471
    published 2005-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18471
    title RHEL 2.1 : squid (RHSA-2005:489)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-111-1.NASL
    description A remote Denial of Service vulnerability has been discovered in Squid. If the remote end aborted the connection during a PUT or POST request, Squid tried to free an already freed part of memory, which eventually caused the server to crash. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20498
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20498
    title Ubuntu 4.10 : squid vulnerability (USN-111-1)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_8DBF7894A9A811D9A7880001020EED82.NASL
    description The squid patches page notes : An inconsistent state is entered on a failed PUT/POST request making a high risk for segmentation faults or other strange errors
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 19025
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19025
    title FreeBSD : squid -- DoS on failed PUT/POST requests vulnerability (8dbf7894-a9a8-11d9-a788-0001020eed82)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-078.NASL
    description Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings. (CVE-2005-0194) Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies. (CVE-2005-0626) Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previosuly freed memory. (CVE-2005-0718) A bug in the way Squid processes errors in the access control list was also found. It is possible that an error in the access control list could give users more access than intended. (CVE-2005-1345) In addition, due to subtle bugs in the previous backported updates of squid (Bugzilla #14209), all the squid-2.5 versions have been updated to squid-2.5.STABLE9 with all the STABLE9 patches from the squid developers. The updated packages are patched to fix these problems.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 18171
    published 2005-05-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18171
    title Mandrake Linux Security Advisory : squid (MDKSA-2005:078)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-415.NASL
    description An updated squid package that fixes several security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Squid is a full-featured Web proxy cache. A race condition bug was found in the way Squid handles the now obsolete Set-Cookie header. It is possible that Squid can leak Set-Cookie header information to other clients connecting to Squid. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0626 to this issue. Please note that this issue only affected Red Hat Enterprise Linux 4. A bug was found in the way Squid handles PUT and POST requests. It is possible for an authorised remote user to cause a failed PUT or POST request which can cause Squid to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0718 to this issue. A bug was found in the way Squid processes errors in the access control list. It is possible that an error in the access control list could give users more access than intended. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1345 to this issue. A bug was found in the way Squid handles access to the cachemgr.cgi script. It is possible for an authorised remote user to bypass access control lists with this flaw. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-1999-0710 to this issue. A bug was found in the way Squid handles DNS replies. If the port Squid uses for DNS requests is not protected by a firewall it is possible for a remote attacker to spoof DNS replies, possibly redirecting a user to spoofed or malicious content. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1519 to this issue. Additionally this update fixes the following bugs: - LDAP Authentication fails with an assertion error when using Red Hat Enterprise Linux 4 Users of Squid should upgrade to this updated package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21822
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21822
    title CentOS 3 / 4 : squid (CESA-2005:415)
oval via4
accepted 2013-04-29T04:14:42.263-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.
family unix
id oval:org.mitre.oval:def:11562
status accepted
submitted 2010-07-09T03:56:16-04:00
title Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.
version 24
redhat via4
advisories
  • rhsa
    id RHSA-2005:415
  • rhsa
    id RHSA-2005:489
refmap via4
bid 13166
conectiva CLA-2005:931
confirm
fedora FLSA-2006:152809
secunia 12508
ubuntu USN-111-1
xf squid-put-post-dos(19919)
Last major update 21-08-2010 - 00:26
Published 14-04-2005 - 00:00
Last modified 03-10-2018 - 17:29
Back to Top