CVE-2005-0095
published 2005-01-15CVE-2005-0095: The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with…
PriorityP431medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
68.78%
99.3th percentile
The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers.
Affected
32 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | squid | < squid 2.5.7-4 (bookworm) | squid 2.5.7-4 (bookworm) |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Malformed WCCP message must contain an invalid WCCP_I_SEE_YOU cache number to trigger the crash in Squid's WCCP message parsing code ↗
- ·Affected versions are Squid 2.5.STABLE7 and earlier; Debian fixed in package version 2.5.7-4 ↗
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0MEDIUM
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-f5hx-2mw6-fpj8: The WCCP message parsing code in Squid 2
ghsa_unreviewed·2022-05-01
CVE-2005-0095 [MEDIUM] GHSA-f5hx-2mw6-fpj8: The WCCP message parsing code in Squid 2
The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers.
OSV
CVE-2005-0095: The WCCP message parsing code in Squid 2
osv·2005-01-15·CVSS 5.0
CVE-2005-0095 [MEDIUM] CVE-2005-0095: The WCCP message parsing code in Squid 2
The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers.
Ubuntu
Squid vulnerabilities
vendor_ubuntu·2005-01-21
CVE-2005-0094 Squid vulnerabilities
Title: Squid vulnerabilities
Summary: Squid vulnerabilities
infamous41md discovered several Denial of Service vulnerabilities in
squid.
A malicious Gopher server could crash squid by sending a line bigger
than 4096 bytes. (CAN-2005-0094)
If squid is configured to send WCPP (Web Cache Communication Protocol)
messages to a "home router", an attacker who was able to send UDP
packets with a forged source address of this router could crash the
erver with a specially crafted WCPP message. (CAN-2005-0095)
Previous versions of squid have a memory leak which gradually cause
memory exhaustion and eventual termination. (CAN-2005-0096)
A remote attacker could crash the server by sending a specially
crafted NTLM type 3 packet. (CAN-2005-0097)
Instructions: In general, a standard system update w
Red Hat
security flaw
vendor_redhat·2005-01-12·CVSS 5.0
CVE-2005-0095 [MEDIUM] security flaw
security flaw
The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers.
Debian
CVE-2005-0095: squid - The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote att...
vendor_debian·2005·CVSS 5.0
CVE-2005-0095 [MEDIUM] CVE-2005-0095: squid - The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote att...
The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers.
Scope: local
bookworm: resolved (fixed in 2.5.7-4)
bullseye: resolved (fixed in 2.5.7-4)
forky: resolved (fixed in 2.5.7-4)
sid: resolved (fixed in 2.5.7-4)
trixie: resolved (fixed in 2.5.7-4)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2005-0095 security flaw
bugzilla·2018-08-16·CVSS 5.0
CVE-2005-0095 [MEDIUM] CVE-2005-0095 security flaw
CVE-2005-0095 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers.
Bugzilla
Squid Multiple Vulnerabilities (CVE-2004-0541 CVE-2004-0832 CVE-2004-0918 CVE-2005-0094 CVE-2005-0095 CVE-2005-0096 CVE-2005-0097 CVE-2005-0446 CVE-2005-0626 CVE-2005-0718 CVE-1999-0710 CVE-2005-1345
bugzilla·2004-10-11·CVSS 7.5
CVE-2004-0541 [HIGH] Squid Multiple Vulnerabilities (CVE-2004-0541 CVE-2004-0832 CVE-2004-0918 CVE-2005-0094 CVE-2005-0095 CVE-2005-0096 CVE-2005-0097 CVE-2005-0446 CVE-2005-0626 CVE-2005-0718 CVE-1999-0710 CVE-2005-1345
Squid Multiple Vulnerabilities (CVE-2004-0541 CVE-2004-0832 CVE-2004-0918 CVE-2005-0094 CVE-2005-0095 CVE-2005-0096 CVE-2005-0097 CVE-2005-0446 CVE-2005-0626 CVE-2005-0718 CVE-1999-0710 CVE-2005-1345 CVE-2005-1519 CVE-2004-2479 CVE-2005-2794 CVE-2005-...
iDEFENSE reported on 2004-10-11 a vulnerability in the squid SNMP
module. This issue could lead to a potential DOS (it will restart
the server, dropping all open connections).
http://www.idefense.com/application/poi/display?id=152&type=vulnerabilities
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=135320
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=135319
------- Additional Comments From [email protected] 2004-10-11 19:30:05 ----
Patch available here:
http://www1.uk.squid-cache.org/squid/Versions/v2/2
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923http://fedoranews.org/updates/FEDORA--.shtmlhttp://secunia.com/advisories/13825http://security.gentoo.org/glsa/glsa-200501-25.xmlhttp://securitytracker.com/id?1012882http://www.debian.org/security/2005/dsa-651http://www.mandriva.com/security/advisories?name=MDKSA-2005:014http://www.novell.com/linux/security/advisories/2005_06_squid.htmlhttp://www.osvdb.org/12886http://www.redhat.com/support/errata/RHSA-2005-060.htmlhttp://www.redhat.com/support/errata/RHSA-2005-061.htmlhttp://www.securityfocus.com/bid/12275http://www.squid-cache.org/Advisories/SQUID-2005_2.txthttp://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patchhttp://www.trustix.org/errata/2005/0003/https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10269http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923http://fedoranews.org/updates/FEDORA--.shtmlhttp://secunia.com/advisories/13825http://security.gentoo.org/glsa/glsa-200501-25.xmlhttp://securitytracker.com/id?1012882http://www.debian.org/security/2005/dsa-651http://www.mandriva.com/security/advisories?name=MDKSA-2005:014http://www.novell.com/linux/security/advisories/2005_06_squid.htmlhttp://www.osvdb.org/12886http://www.redhat.com/support/errata/RHSA-2005-060.htmlhttp://www.redhat.com/support/errata/RHSA-2005-061.htmlhttp://www.securityfocus.com/bid/12275http://www.squid-cache.org/Advisories/SQUID-2005_2.txthttp://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patchhttp://www.trustix.org/errata/2005/0003/https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10269
2005-01-15
Published