7.5

CVE-2005-0211

Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Squid-cacheSquid Version2.5.stable1
Squid-cacheSquid Version2.5.stable2
Squid-cacheSquid Version2.5.stable3
Squid-cacheSquid Version2.5.stable4
Squid-cacheSquid Version2.5.stable5
Squid-cacheSquid Version2.5.stable6
DebianDebian Linux Version3.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 22.15% 0.974
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://fedoranews.org/updates/FEDORA--.shtml
Broken Link
http://www.novell.com/linux/security/advisories/2005_06_squid.html
Broken Link
http://www.redhat.com/support/errata/RHSA-2005-060.html
Third Party Advisory
Not Applicable
http://www.redhat.com/support/errata/RHSA-2005-061.html
Third Party Advisory
Not Applicable
http://marc.info/?l=bugtraq&m=110780531820947&w=2
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2005:034
Broken Link
http://www.debian.org/security/2005/dsa-667
Patch
Third Party Advisory
http://secunia.com/advisories/14076
Permissions Required
http://securitytracker.com/id?1013045
Third Party Advisory
VDB Entry
http://www.kb.cert.org/vuls/id/886006
Patch
Third Party Advisory
US Government Resource
http://www.osvdb.org/13319
Broken Link
http://www.securityfocus.com/bid/12432
Third Party Advisory
VDB Entry
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_buffer_overflow
Patch
Vendor Advisory
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_buffer_overflow.patch
Patch
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9573
Third Party Advisory