Squid Proxy Oversize HTTP Headers Unspecified Remote Vulnerability
BID:12412
Info
Squid Proxy Oversize HTTP Headers Unspecified Remote Vulnerability
| Bugtraq ID: | 12412 |
| Class: | Unknown |
| CVE: |
CVE-2005-0174 CVE-2005-0241 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 01 2005 12:00AM |
| Updated: | Mar 07 2007 05:25AM |
| Credit: | The individual or individuals responsible for the discovery of this issue are currently unknown; the vendor disclosed this issue. |
| Vulnerable: |
Turbolinux Turbolinux Workstation 8.0 Turbolinux Turbolinux Workstation 7.0 Turbolinux Turbolinux Server 10.0 Turbolinux Turbolinux Server 8.0 Turbolinux Turbolinux Server 7.0 Turbolinux Appliance Server Workgroup Edition 1.0 Turbolinux Appliance Server Hosting Edition 1.0 SuSE Linux 8.1 SuSE Linux 8.0 i386 SuSE Linux 8.0 Squid Web Proxy Cache 2.5 .STABLE7 Squid Web Proxy Cache 2.5 .STABLE6 Squid Web Proxy Cache 2.5 .STABLE5 Squid Web Proxy Cache 2.5 .STABLE4 Squid Web Proxy Cache 2.5 .STABLE3 Squid Web Proxy Cache 2.5 .STABLE1 SGI ProPack 3.0 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 Redhat Linux 9.0 i386 Redhat Linux 7.3 i386 Redhat Fedora Core2 Redhat Fedora Core1 Astaro Security Linux 4.0 17 Astaro Security Linux 4.0 16 Astaro Security Linux 4.0 08 Astaro Security Linux 3.217 Astaro Security Linux 3.2 16 Astaro Security Linux 3.2 15 Astaro Security Linux 3.2 12 Astaro Security Linux 3.2 11 Astaro Security Linux 3.2 10 Astaro Security Linux 3.2 00 Astaro Security Linux 2.0 30 Astaro Security Linux 2.0 27 Astaro Security Linux 2.0 26 Astaro Security Linux 2.0 25 Astaro Security Linux 2.0 24 Astaro Security Linux 2.0 23 Astaro Security Linux 2.0 16 |
| Not Vulnerable: | |
Discussion
Squid Proxy Oversize HTTP Headers Unspecified Remote Vulnerability
A remote unspecified vulnerability reportedly affects Squid Proxy. This issue is due to the application's failure to properly handle malformed HTTP headers.
The impact of this issue is currently unknown. This BID will be updated when more information becomes available.
A remote unspecified vulnerability reportedly affects Squid Proxy. This issue is due to the application's failure to properly handle malformed HTTP headers.
The impact of this issue is currently unknown. This BID will be updated when more information becomes available.
Exploit / POC
Squid Proxy Oversize HTTP Headers Unspecified Remote Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Squid Proxy Oversize HTTP Headers Unspecified Remote Vulnerability
Solution:
Please see the referenced vendor advisories for more information and fixes.
Squid Web Proxy Cache 2.5 .STABLE4
Squid Web Proxy Cache 2.5 .STABLE7
Squid Web Proxy Cache 2.5 .STABLE6
Squid Web Proxy Cache 2.5 .STABLE1
Squid Web Proxy Cache 2.5 .STABLE3
Squid Web Proxy Cache 2.5 .STABLE5
SGI ProPack 3.0
Solution:
Please see the referenced vendor advisories for more information and fixes.
Squid Web Proxy Cache 2.5 .STABLE4
-
Mandrake squid-2.5.STABLE4-1.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE4-1.2.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE4-1.2.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE4-2.1.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE4-2.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE4-2.2.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE4-2.2.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE4-2.3.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE4-2.3.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE4-2.3.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE4-2.4.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE4-2.4.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE4-2.4.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE4-2.4.C30mdk.x86_64.rpm
Mandrake Corporate Server 3.0/x86_64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE4-2.5.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE4-2.5.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE4-2.5.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE4-2.5.C30mdk.x86_64.rpm
Mandrake Corporate Server 3.0/x86_64
http://www.mandrakesecure.net/en/ftp.php
Squid Web Proxy Cache 2.5 .STABLE7
-
Squid squid-2.5.STABLE7-oversize_reply_headers.patch
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-over size_reply_headers.patch
Squid Web Proxy Cache 2.5 .STABLE6
-
Fedora squid-2.5.STABLE9-1.FC3.6.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ -
Fedora squid-2.5.STABLE9-1.FC3.6.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ -
Fedora squid-debuginfo-2.5.STABLE9-1.FC3.6.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ -
Fedora squid-debuginfo-2.5.STABLE9-1.FC3.6.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ -
Mandrake squid-2.5.STABLE6-2.2.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE6-2.2.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE6-2.3.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE6-2.3.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE6-2.4.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php -
SuSE squid-2.5.STABLE6-6.4.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/squid-2.5.STABLE6 -6.4.i586.rpm -
SuSE squid-2.5.STABLE6-6.4.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/squid-2.5.STA BLE6-6.4.x86_64.rpm -
SuSE squid-2.5.STABLE6-6.6.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/squid-2.5.STABLE6 -6.6.i586.rpm -
SuSE squid-2.5.STABLE6-6.6.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/squid-2.5.STA BLE6-6.6.x86_64.rpm -
Turbolinux squid-2.5.STABLE10-3.i586.rpm
Turbolinux 10 Server
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/up dates/RPMS/squid-2.5.STABLE10-3.i586.rpm -
Turbolinux squid-debug-2.5.STABLE10-3.i586.rpm
Turbolinux 10 Server:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/up dates/RPMS/squid-debug-2.5.STABLE10-3.i586.rpm
Squid Web Proxy Cache 2.5 .STABLE1
-
Mandrake squid-2.5.STABLE1-7.1.91mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE1-7.1.91mdk.ppc.rpm
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE1-7.2.91mdk.i586.rpm
Mandrake Linux 9.1
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE1-7.2.91mdk.ppc.rpm
Mandrake Linux 9.1/PPC
http://www.mandrakesecure.net/en/ftp.php -
RedHat squid-2.5.STABLE1-9.10.legacy.i386.rpm
Red Hat Linux 9:
http://download.fedoralegacy.org/redhat/9/updates/i386/squid-2.5.STABL E1-9.10.legacy.i386.rpm -
SuSE squid-2.5.STABLE1-104.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/squid-2.5.STABLE1 -104.i586.rpm -
SuSE squid-2.5.STABLE1-106.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/squid-2.5.STABLE1 -106.i586.rpm
Squid Web Proxy Cache 2.5 .STABLE3
-
Mandrake squid-2.5.STABLE3-3.1.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE3-3.1.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE3-3.2.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE3-3.2.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE3-3.3.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE3-3.3.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE3-3.4.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE3-3.4.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE3-3.5.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE3-3.5.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE3-3.6.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE3-3.6.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE3-3.7.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake squid-2.5.STABLE3-3.7.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php -
RedHat squid-2.5.STABLE3-2.fc1.6.legacy.i386.rpm
Fedora Core 1:
http://download.fedoralegacy.org/fedora/1/updates/i386/squid-2.5.STABL E3-2.fc1.6.legacy.i386.rpm -
SuSE squid-2.5.STABLE3-116.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/squid-2.5.STABLE3 -116.i586.rpm -
SuSE squid-2.5.STABLE3-116.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/squid-2.5.STA BLE3-116.x86_64.rpm -
SuSE squid-2.5.STABLE3-118.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/squid-2.5.STABLE3 -118.i586.rpm -
SuSE squid-2.5.STABLE3-118.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/squid-2.5.STA BLE3-118.x86_64.rpm
Squid Web Proxy Cache 2.5 .STABLE5
-
RedHat squid-2.5.STABLE9-1.FC2.4.legacy.i386.rpm
Fedora Core 2:
http://download.fedoralegacy.org/fedora/2/updates/i386/squid-2.5.STABL E9-1.FC2.4.legacy.i386.rpm -
SuSE squid-2.5.STABLE5-42.24.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/squid-2.5.STABLE5 -42.24.i586.rpm -
SuSE squid-2.5.STABLE5-42.24.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/squid-2.5.STA BLE5-42.24.x86_64.rpm -
SuSE squid-2.5.STABLE5-42.27.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/squid-2.5.STABLE5 -42.27.i586.rpm -
SuSE squid-2.5.STABLE5-42.27.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/squid-2.5.STA BLE5-42.27.x86_64.rpm -
Ubuntu squid-cgi_2.5.5-6ubuntu0.4_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5. 5-6ubuntu0.4_amd64.deb -
Ubuntu squid-cgi_2.5.5-6ubuntu0.4_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5. 5-6ubuntu0.4_i386.deb -
Ubuntu squid-cgi_2.5.5-6ubuntu0.4_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5. 5-6ubuntu0.4_powerpc.deb -
Ubuntu squid-common_2.5.5-6ubuntu0.4_all.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.5 -6ubuntu0.4_all.deb -
Ubuntu squid_2.5.5-6ubuntu0.4_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubunt u0.4_amd64.deb -
Ubuntu squid_2.5.5-6ubuntu0.4_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubunt u0.4_i386.deb -
Ubuntu squid_2.5.5-6ubuntu0.4_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubunt u0.4_powerpc.deb -
Ubuntu squidclient_2.5.5-6ubuntu0.4_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2. 5.5-6ubuntu0.4_amd64.deb -
Ubuntu squidclient_2.5.5-6ubuntu0.4_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2. 5.5-6ubuntu0.4_i386.deb -
Ubuntu squidclient_2.5.5-6ubuntu0.4_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2. 5.5-6ubuntu0.4_powerpc.deb
SGI ProPack 3.0
-
SGI Patch10144
http://support.sgi.com/
References
Squid Proxy Oversize HTTP Headers Unspecified Remote Vulnerability
References:
References:
- Correct handling of oversized reply headers (Squid)
- RHSA-2005:061-19 - Updated Squid package fixes security issues (RedHat)
- Squid Web Proxy Cache Homepage (Squid)
- Up2Date 5.200 (Astaro)