CVE-2007-0247
Published 2007-01-16
Priority: P4 (29), medium
CVSS 2.0: 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P
Exploit: EPSS 19.09% (97.0th percentile)
squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions.
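The description says only that a crafted directory listing from a remote FTP server crashes the listing-to-HTML path (ftpListingFinish, ftpHtmlifyListEntry). The following is an added example, not Squid's ftp.c and not a reproduction of the actual fault: it shows the defensive shape such a converter needs when every LIST line is attacker-controlled. A line that fails to parse is emitted as escaped text instead of being handled as a parsed entry, and names are URL-quoted in the href and HTML-escaped in the link text. The sample listing, the ls-style regular expression and the base URL are constructed for the example.

```python
"""Defensive conversion of an FTP LIST response into HTML.

Added example for CVE-2007-0247; this is not Squid's ftp.c and does not
reproduce the actual fault. It shows the shape a listing-to-HTML routine
needs when the listing is attacker-controlled: a line that fails to parse
is rendered as escaped text instead of being treated as a parsed entry.
"""
import html
import re
from urllib.parse import quote

# Constructed sample LIST response (not taken from the advisory): a regular
# file, a symlink, a directory whose name carries HTML metacharacters, a
# truncated entry with too few fields, blank and whitespace-only lines, and
# the "total N" header some servers send.
SAMPLE_LISTING = (
    "total 3\r\n"
    "-rw-r--r--   1 ftp      ftp         14024 Jan 11  2007 README\r\n"
    "lrwxrwxrwx   1 ftp      ftp            11 Jan 11  2007 pub -> ./mirror/pub\r\n"
    "drwxr-xr-x   2 ftp      ftp          4096 Jan 11  2007 <script>alert(1)</script>\r\n"
    "-rw-r--r--   1 ftp\r\n"
    "\r\n"
    "     \r\n"
)

# Unix "ls -l" style entry, the common LIST format (assumed for the example).
UNIX_LS_RE = re.compile(
    r"^(?P<mode>[-dl][rwxsStT-]{9})\s+"
    r"(?P<links>\d+)\s+"
    r"(?P<owner>\S+)\s+"
    r"(?P<group>\S+)\s+"
    r"(?P<size>\d+)\s+"
    r"(?P<date>[A-Za-z]{3}\s+\d{1,2}\s+(?:\d{4}|\d{2}:\d{2}))\s+"
    r"(?P<name>.+)$"
)


def parse_unix_entry(line):
    """Parse one listing line; return a dict, or None when it does not match."""
    m = UNIX_LS_RE.match(line)
    if m is None:
        return None
    name, link = m.group("name"), None
    if m.group("mode")[0] == "l" and " -> " in name:
        name, link = name.split(" -> ", 1)
    return {
        "type": m.group("mode")[0],
        "size": int(m.group("size")),
        "date": m.group("date"),
        "name": name,
        "link": link,
    }


def htmlify_entry(entry, base_url):
    """Render a parsed entry as a link: the name is URL-quoted in the href
    and HTML-escaped in the text, so the server cannot inject markup."""
    href = base_url + quote(entry["name"], safe="")
    if entry["type"] == "d":
        href += "/"
    text = html.escape(entry["name"], quote=True)
    if entry["link"] is not None:
        text += " -&gt; " + html.escape(entry["link"], quote=True)
    return '<a href="%s">%s</a> %d %s' % (
        html.escape(href, quote=True), text, entry["size"], html.escape(entry["date"]))


def htmlify_listing(raw, base_url="ftp://ftp.example.org/pub/"):
    """Convert a raw LIST response into a list of HTML lines.

    Returns (html_lines, unparsed_count). Blank lines and the "total N"
    header are skipped. Any other line that does not parse is emitted
    verbatim inside <pre> (escaped); it is never passed on as an entry.
    """
    out, unparsed = [], 0
    for line in raw.split("\n"):
        line = line.rstrip("\r")
        if not line.strip() or line.startswith("total "):
            continue
        entry = parse_unix_entry(line)
        if entry is None:
            unparsed += 1
            out.append("<pre>" + html.escape(line, quote=True) + "</pre>")
            continue
        out.append(htmlify_entry(entry, base_url))
    return out, unparsed


if __name__ == "__main__":
    lines, bad = htmlify_listing(SAMPLE_LISTING)
    print("\n".join(lines))
    print("unparsed lines:", bad)
```

The point of the separate unparsed path is that the failure mode in the CVE description, a listing entry the parser does not understand, is itself a normal input and must produce output rather than a crash; counting those lines also gives a cheap signal for logging servers that send odd listings.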
Affected
11 ranges reported; identical rows are shown once
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | squid | < 2.6.5-4 (bookworm) | 2.6.5-4 (bookworm) |
| squid | squid | >= 0 < 2.6.5-4 | 2.6.5-4 |
| squid | squid | — | — |
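A check against the ranges above, as an added example (not from the page's sources): it compares a Squid 2.x version, either bare or as the first line of `squid -v`, with the upstream fixed version 2.6.STABLE7, and a Debian package version with the package fix 2.6.5-4. The tag ordering DEVEL < PRE < RC < STABLE and the simplified Debian version comparison are assumptions of the example; use `dpkg --compare-versions` for real package checks. The caveat the vendor statements below make explicit applies: a distribution package whose upstream number is older than 2.6.STABLE7 (Debian's 2.6.5-4, Red Hat Enterprise Linux 5) may carry a backported fix, so the package's own fixed-in version, not the upstream range, is authoritative.

```python
"""Version checks against the ranges recorded for CVE-2007-0247.

Added example; not from the page's sources. Compares a Squid 2.x version
(bare, or the first line of `squid -v`) with the upstream fix 2.6.STABLE7,
and a Debian package version with the package fix 2.6.5-4.
"""
import re

FIXED_UPSTREAM = "2.6.STABLE7"   # from the CVE description
FIXED_DEBIAN = "2.6.5-4"         # from the Debian tracker entry

# Squid 2.x tags and their ordering (assumption of this example).
_TAG_RANK = {"DEVEL": 0, "PRE": 1, "RC": 2, "STABLE": 3}
_SQUID_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(DEVEL|PRE|RC|STABLE)(\d+)")


def parse_squid_version(text):
    """Return (major, minor, tag_rank, tag_number) or None.

    Accepts "2.6.STABLE6" or "Squid Cache: Version 2.6.STABLE6".
    """
    m = _SQUID_VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, tag, num = m.groups()
    return (int(major), int(minor), _TAG_RANK[tag], int(num))


def upstream_affected(version_text):
    """True if before 2.6.STABLE7 (the range the CVE states), False if at or
    after it, None if not a Squid 2.x version string (other branches are
    not covered by this record)."""
    v = parse_squid_version(version_text)
    if v is None or v[0] != 2:
        return None
    return v < parse_squid_version(FIXED_UPSTREAM)


def _deb_key(version):
    """Simplified Debian version key: numeric dotted upstream, numeric dotted
    revision. Not full dpkg semantics (no epochs, no non-numeric parts);
    use `dpkg --compare-versions` for production checks."""
    upstream, _, revision = version.partition("-")
    try:
        up = tuple(int(p) for p in upstream.split("."))
        rev = tuple(int(p) for p in revision.split(".")) if revision else (0,)
    except ValueError:
        return None
    return (up, rev)


def debian_affected(package_version):
    """True if the Debian squid package version is below 2.6.5-4, False
    otherwise, None if the simplified key cannot parse the string."""
    key = _deb_key(package_version)
    if key is None:
        return None
    return key < _deb_key(FIXED_DEBIAN)


if __name__ == "__main__":
    for v in ("Squid Cache: Version 2.6.STABLE6", "2.6.STABLE7",
              "2.5.STABLE14", "3.0.PRE5"):
        print(v, "->", upstream_affected(v))
    for v in ("2.6.5-3", "2.6.5-4", "2.6.18-1"):
        print("debian", v, "->", debian_affected(v))
```

Feed it the first line of `squid -v` from a host, or the `Version:` field from `dpkg -s squid`; a result of None means the string is outside what this record describes and needs a manual look rather than being treated as clean.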
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | LOW | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |
| vendor_ubuntu | — | 5.0 | MEDIUM | — |
Ubuntu
USN-414-1: Squid vulnerabilities
vendor_ubuntu · 2007-01-25 · CVSS 5.0 (MEDIUM)
David Duncan Ross Palmer and Henrik Nordstrom discovered that squid
incorrectly handled special characters in FTP URLs. Remote users with
access to squid could crash the server leading to a denial of service.
(CVE-2007-0247)
Erick Dantas Rotole and Henrik Nordstrom discovered that squid could end
up in an endless loop when exhausted of available external ACL helpers.
Remote users with access to squid could cause CPU starvation, possibly
leading to a denial of service. This does not affect a default Ubuntu
installation, since external ACL helpers must be configured and used.
(CVE-2007-0248)
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
CVE-2007-0247 Squid crashes when receiving certain FTP listings
vendor_redhat · 2007-01-13 · CVSS 5.0 (MEDIUM)
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
Debian
CVE-2007-0247: squid
vendor_debian · 2007 · CVSS 5.0 (MEDIUM)
Scope: local
bookworm: resolved (fixed in 2.6.5-4)
bullseye: resolved (fixed in 2.6.5-4)
forky: resolved (fixed in 2.6.5-4)
sid: resolved (fixed in 2.6.5-4)
trixie: resolved (fixed in 2.6.5-4)
GHSA
GHSA-qjvg-797h-7j24: squid/src/ftp
ghsa_unreviewed · 2022-05-01 · MEDIUM
OSV
CVE-2007-0247: squid/src/ftp
osv · 2007-01-16 · CVSS 5.0 (MEDIUM)
No detection rules found.
References
http://fedoranews.org/cms/node/2442
http://osvdb.org/39839
http://secunia.com/advisories/23767
http://secunia.com/advisories/23805
http://secunia.com/advisories/23810
http://secunia.com/advisories/23837
http://secunia.com/advisories/23889
http://secunia.com/advisories/23921
http://secunia.com/advisories/23946
http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:026
http://www.novell.com/linux/security/advisories/2007_12_squid.html
http://www.securityfocus.com/bid/22079
http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12
http://www.squid-cache.org/bugs/show_bug.cgi?id=1857
http://www.trustix.org/errata/2007/0003/
http://www.ubuntu.com/usn/usn-414-1
http://www.vupen.com/english/advisories/2007/0199
https://exchange.xforce.ibmcloud.com/vulnerabilities/31523
Published: 2007-01-16