Vulnerabilities > CVE-2002-0068
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| OS | 10 |
Exploit-Db
| description | Squid 2.0-4 Cache FTP Proxy URL Buffer Overflow Vulnerability. CVE-2002-0068 . Remote exploit for unix platform |
| id | EDB-ID:21297 |
| last seen | 2016-02-02 |
| modified | 2002-02-21 |
| published | 2002-02-21 |
| reporter | gunzip |
| source | https://www.exploit-db.com/download/21297/ |
| title | Squid 2.0-4 Cache FTP Proxy URL Buffer Overflow Vulnerability |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2002-016.NASL description Three security issues were found in the 2.x versions of the Squid proxy server up to and including 2.4.STABLE3. The first is a memory leak in the optional SNMP interface to Squid which could allow a malicious user who can send packets to the Squid SNMP port to possibly perform a Denial of Service attack on ther server if the SNMP interface is enabled. The next is a buffer overflow in the implementation of ftp:// URLs where allowed users could possibly perform a DoS on the server, and may be able to trigger remote execution of code (which the authors have not yet confirmed). The final issue is with the HTCP interface which cannot be properly disabled from squid.conf; HTCP is enabled by default on Mandrake Linux systems. Update : The squid updates for all versions other than Mandrake Linux were incorrectly built with LDAP authentication which introduced a dependency on OpenLDAP. These new packages do not use LDAP authentication. The Single Network Firewall 7.2 package previously released did not use LDAP authentication, however rebuilding the source RPM package required LDAP to be installed. Single Network Firewall 7.2 users do not need to upgrade to these packages to have a properly function squid. last seen 2020-06-01 modified 2020-06-02 plugin id 13924 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13924 title Mandrake Linux Security Advisory : squid (MDKSA-2002:016-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2002:016. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(13924); script_version ("1.18"); script_cvs_date("Date: 2019/08/02 13:32:46"); script_cve_id("CVE-2002-0067", "CVE-2002-0068", "CVE-2002-0069"); script_xref(name:"MDKSA", value:"2002:016-1"); script_name(english:"Mandrake Linux Security Advisory : squid (MDKSA-2002:016-1)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandrake Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "Three security issues were found in the 2.x versions of the Squid proxy server up to and including 2.4.STABLE3. The first is a memory leak in the optional SNMP interface to Squid which could allow a malicious user who can send packets to the Squid SNMP port to possibly perform a Denial of Service attack on ther server if the SNMP interface is enabled. The next is a buffer overflow in the implementation of ftp:// URLs where allowed users could possibly perform a DoS on the server, and may be able to trigger remote execution of code (which the authors have not yet confirmed). The final issue is with the HTCP interface which cannot be properly disabled from squid.conf; HTCP is enabled by default on Mandrake Linux systems. Update : The squid updates for all versions other than Mandrake Linux were incorrectly built with LDAP authentication which introduced a dependency on OpenLDAP. These new packages do not use LDAP authentication. The Single Network Firewall 7.2 package previously released did not use LDAP authentication, however rebuilding the source RPM package required LDAP to be installed. Single Network Firewall 7.2 users do not need to upgrade to these packages to have a properly function squid." ); script_set_attribute( attribute:"see_also", value:"http://www.squid-cache.org/Advisories/SQUID-2002_1.txt" ); script_set_attribute(attribute:"solution", value:"Update the affected squid package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:squid"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0"); script_set_attribute(attribute:"patch_publication_date", value:"2002/02/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"squid-2.4.STABLE4-1.5mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"squid-2.4.STABLE4-1.5mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"squid-2.4.STABLE4-1.6mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Firewalls NASL id SQUID_OVERFLOWS.NASL description The remote squid caching proxy, according to its version number, is vulnerable to various buffer overflows. An attacker may use these to gain a shell on this system. last seen 2020-06-01 modified 2020-06-02 plugin id 10923 published 2002-03-27 reporter This script is Copyright (C) 2002-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/10923 title Squid FTP URL Special Character Handling Remote Overflow code # # (C) Tenable Network Security, Inc. # include( 'compat.inc' ); if(description) { script_id(10923); script_version ("1.24"); script_cve_id("CVE-2002-0068"); script_bugtraq_id(4148); script_name(english:"Squid FTP URL Special Character Handling Remote Overflow"); script_summary(english:"Determines squid version"); script_set_attribute( attribute:'synopsis', value:'The remote service is vulnerable to a buffer overflow.' ); script_set_attribute( attribute:'description', value:'The remote squid caching proxy, according to its version number, is vulnerable to various buffer overflows. An attacker may use these to gain a shell on this system.' ); script_set_attribute( attribute:'solution', value:'Upgrade to squid 2.4.STABLE7 or newer' ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute( attribute:'see_also', value:'http://www.squid-cache.org/Advisories/SQUID-2002_1.txt' ); script_set_attribute(attribute:"plugin_publication_date", value: "2002/03/27"); script_set_attribute(attribute:"vuln_publication_date", value: "2002/02/21"); script_cvs_date("Date: 2018/07/30 15:31:32"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:squid-cache:squid"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2002-2018 Tenable Network Security, Inc."); script_family(english:"Firewalls"); script_dependencie("find_service1.nasl"); script_require_ports("Services/http_proxy",3128, 8080); exit(0); } include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_kb_item("Services/http_proxy"); if(!port) { if(get_port_state(3128)) { port = 3128; } else port = 8080; } if (! get_port_state(port)) exit(0, "Port "+port+" is closed"); res = http_get_cache(item:"/", port:port, exit_on_fail: 1); if(egrep(pattern:"Squid/2\.([0-3]\.|4\.STABLE[0-6]([^0-9]|$))", string:res)) security_hole(port);
Redhat
| advisories |
|
References
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
- http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
- http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
- http://marc.info/?l=bugtraq&m=101431040422095&w=2
- http://marc.info/?l=bugtraq&m=101431040422095&w=2
- http://marc.info/?l=bugtraq&m=101440163111826&w=2
- http://marc.info/?l=bugtraq&m=101440163111826&w=2
- http://marc.info/?l=bugtraq&m=101443252627021&w=2
- http://marc.info/?l=bugtraq&m=101443252627021&w=2
- http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt
- http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt
- http://www.iss.net/security_center/static/8258.php
- http://www.iss.net/security_center/static/8258.php
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php
- http://www.novell.com/linux/security/advisories/2002_008_squid_txt.html
- http://www.novell.com/linux/security/advisories/2002_008_squid_txt.html
- http://www.osvdb.org/5378
- http://www.osvdb.org/5378
- http://www.redhat.com/support/errata/RHSA-2002-029.html
- http://www.redhat.com/support/errata/RHSA-2002-029.html
- http://www.securityfocus.com/bid/4148
- http://www.securityfocus.com/bid/4148
- http://www.squid-cache.org/Versions/v2/2.4/bugs/
- http://www.squid-cache.org/Versions/v2/2.4/bugs/