7.5

CVE-2002-0068

Exploit
Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SquidSquid Version <= 2.4_stable_3
RedhatLinux Version6.2 Editionalpha
RedhatLinux Version6.2 Editioni386
RedhatLinux Version6.2 Editionsparc
RedhatLinux Version7.0 Editionalpha
RedhatLinux Version7.0 Editioni386
RedhatLinux Version7.1 Editionalpha
RedhatLinux Version7.1 Editioni386
RedhatLinux Version7.1 Editionia64
RedhatLinux Version7.2 Editioni386
RedhatLinux Version7.2 Editionia64
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.45% 0.948
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
http://marc.info/?l=bugtraq&m=101431040422095&w=2
http://marc.info/?l=bugtraq&m=101443252627021&w=2
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php
http://www.redhat.com/support/errata/RHSA-2002-029.html
Patch
Vendor Advisory
http://www.squid-cache.org/Versions/v2/2.4/bugs/
Exploit
http://marc.info/?l=bugtraq&m=101440163111826&w=2
http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt
http://www.iss.net/security_center/static/8258.php
http://www.novell.com/linux/security/advisories/2002_008_squid_txt.html
http://www.osvdb.org/5378
http://www.securityfocus.com/bid/4148