1. CVE-Search
  2. CVE-2002-0068
ID CVE-2002-0068
Summary Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.
References
Vulnerable Configurations
  • cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*
    cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*
    cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*
    cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:7.0:*:alpha:*:*:*:*:*
    cpe:2.3:o:redhat:linux:7.0:*:alpha:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:7.0:*:i386:*:*:*:*:*
    cpe:2.3:o:redhat:linux:7.0:*:i386:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:7.1:*:alpha:*:*:*:*:*
    cpe:2.3:o:redhat:linux:7.1:*:alpha:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:7.1:*:i386:*:*:*:*:*
    cpe:2.3:o:redhat:linux:7.1:*:i386:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:7.1:*:ia64:*:*:*:*:*
    cpe:2.3:o:redhat:linux:7.1:*:ia64:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:7.2:*:i386:*:*:*:*:*
    cpe:2.3:o:redhat:linux:7.2:*:i386:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:7.2:*:ia64:*:*:*:*:*
    cpe:2.3:o:redhat:linux:7.2:*:ia64:*:*:*:*:*
CVSS
Base: 7.5 (as of 18-10-2016 - 02:15)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
rhsa
id RHSA-2002:029
refmap via4
bid 4148
bugtraq
  • 20020221 Squid HTTP Proxy Security Update Advisory 2002:1
  • 20020222 Squid buffer overflow
  • 20020222 TSLSA-2002-0031 - squid
caldera
  • CSSA-2002-010.0
  • CSSA-2002-SCO.7
conectiva CLA-2002:464
confirm http://www.squid-cache.org/Versions/v2/2.4/bugs/
freebsd FreeBSD-SA-02:12
mandrake MDKSA-2002:016
osvdb 5378
suse SuSE-SA:2002:008
xf squid-ftpbuildtitleurl-bo(8258)
Last major update 18-10-2016 - 02:15
Published 08-03-2002 - 05:00
Last modified 18-10-2016 - 02:15
Back to Top