ID CVE-2005-3258
Summary The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses.
References
Vulnerable Configurations
  • cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.0.patch2:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.0.patch2:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.0.pre1:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.0.pre1:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.0.release:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.0.release:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.1.patch1:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.1.patch1:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.1.patch2:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.1.patch2:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.1.pre1:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.1.pre1:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.1.pre3:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.1.pre3:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.1.pre4:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.1.pre4:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.1.release:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.1.release:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.2.devel3:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.2.devel3:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.2.devel4:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.2.devel4:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.2.pre1:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.2.pre1:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.2.pre2:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.2.pre2:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.2.stable1:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.2.stable1:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.2.stable2:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.2.stable2:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.2.stable3:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.2.stable3:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.2.stable4:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.2.stable4:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.2.stable5:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.2.stable5:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.3.devel2:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.3.devel2:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.3.devel3:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.3.devel3:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.3.stable1:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.3.stable1:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.3.stable2:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.3.stable2:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.3.stable3:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.3.stable3:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.3.stable4:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.3.stable4:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.3.stable5:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.3.stable5:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.4.stable1:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.4.stable1:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.4.stable2:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.4.stable2:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.4.stable3:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.4.stable3:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.4.stable4:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.4.stable4:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.4.stable6:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.4.stable6:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.4.stable7:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.4.stable7:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.5.stable8:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.5.stable8:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.5.stable9:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.5.stable9:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.5.stable10:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.5.stable10:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.5.stable11:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.5.stable11:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 08-03-2011 - 02:26)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
confirm http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape
sectrack 1015085
secunia
  • 17271
  • 17287
  • 17338
  • 17407
  • 17513
  • 17626
  • 17645
suse SUSE-SR:2005:027
vupen ADV-2005-2151
statements via4
contributor Mark J Cox
lastmodified 2006-08-30
organization Red Hat
statement Not vulnerable. These issues do not affect the versions of Squid as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
Last major update 08-03-2011 - 02:26
Published 20-10-2005 - 10:02
Last modified 08-03-2011 - 02:26
Back to Top