CVE-2005-0095

Published: Jan 15, 2005Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers.

Affected (27)

Products: Squid: Squid

1 product

Configuration A

27 vulnerable

Vulnerable Software	Affected Versions
Squid Squid	Version 2.0_patch2
Squid Squid	Version 2.1_patch2
Squid Squid	Version 2.3_.stable4
Squid Squid	Version 2.3_.stable5
Squid Squid	Version 2.3_stable5
Squid Squid	Version 2.4
Squid Squid	Version 2.4_.stable2
Squid Squid	Version 2.4_.stable6
Squid Squid	Version 2.4_.stable7
Squid Squid	Version 2.4_stable7
Squid Squid	Version 2.5.6
Squid Squid	Version 2.5.stable1
Squid Squid	Version 2.5.stable2
Squid Squid	Version 2.5.stable3
Squid Squid	Version 2.5.stable4
Squid Squid	Version 2.5.stable5
Squid Squid	Version 2.5.stable6
Squid Squid	Version 2.5.stable7
Squid Squid	Version 2.5_.stable1
Squid Squid	Version 2.5_.stable3
Squid Squid	Version 2.5_.stable4
Squid Squid	Version 2.5_.stable5
Squid Squid	Version 2.5_.stable6
Squid Squid	Version 2.5_stable3
Squid Squid	Version 2.5_stable4
Squid Squid	Version 2.5_stable9
Squid Squid	Version 2.6.stable1

References (32)

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923

Source: cve@mitre.org

PatchVendor Advisory

http://fedoranews.org/updates/FEDORA--.shtml

Source: cve@mitre.org

http://secunia.com/advisories/13825

Source: cve@mitre.org

PatchVendor Advisory

http://security.gentoo.org/glsa/glsa-200501-25.xml

Source: cve@mitre.org

PatchVendor Advisory

http://securitytracker.com/id?1012882

Source: cve@mitre.org

http://www.debian.org/security/2005/dsa-651

Source: cve@mitre.org

PatchVendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2005:014

Source: cve@mitre.org

http://www.novell.com/linux/security/advisories/2005_06_squid.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.osvdb.org/12886

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2005-060.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.redhat.com/support/errata/RHSA-2005-061.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/bid/12275

Source: cve@mitre.org

http://www.squid-cache.org/Advisories/SQUID-2005_2.txt

Source: cve@mitre.org

PatchVendor Advisory

http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patch

Source: cve@mitre.org

ExploitVendor Advisory

http://www.trustix.org/errata/2005/0003/

Source: cve@mitre.org

PatchVendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10269

Source: cve@mitre.org

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://fedoranews.org/updates/FEDORA--.shtml

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/13825

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://security.gentoo.org/glsa/glsa-200501-25.xml

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://securitytracker.com/id?1012882

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2005/dsa-651

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2005:014

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.novell.com/linux/security/advisories/2005_06_squid.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.osvdb.org/12886

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2005-060.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.redhat.com/support/errata/RHSA-2005-061.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/12275

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.squid-cache.org/Advisories/SQUID-2005_2.txt

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patch

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

http://www.trustix.org/errata/2005/0003/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10269

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.