PT-2007-7533 · Squid · Squid +1

David Duncan Ross Palmer +1 · Published 1970-01-01 · Updated 2017-07-29 · CVE-2007-0247

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Squid versions prior to 2.6.STABLE7

Description

The issue concerns multiple vulnerabilities in the Squid package that can lead to a disruption in the availability of protected information. These vulnerabilities can be exploited remotely, potentially causing a denial of service. Specifically, the ftpListingFinish and ftpHtmlifyListEntry functions in squid/src/ftp.c are affected, allowing remote FTP servers to cause a core dump via crafted FTP directory listing responses.

Recommendations

For Squid versions prior to 2.6.STABLE7, update to version 2.6.STABLE7 or later to resolve the issue. As a temporary workaround, consider restricting access to the ftpListingFinish and ftpHtmlifyListEntry functions until a patch is available.

Exploit · Fix · DoS

Weakness Enumeration

Related Identifiers

BDU:2015-04631
BDU:2015-04955
CVE-2007-0247

Affected Products

Squid
Squid Cache