BID:12432

Squid Proxy WCCP recvfrom() Buffer Overflow Vulnerability

Info

Squid Proxy WCCP recvfrom() Buffer Overflow Vulnerability

Bugtraq ID:	12432
Class:	Boundary Condition Error
CVE:	CVE-2005-0211
Remote:	Yes
Local:	No
Published:	Feb 02 2005 12:00AM
Updated:	Feb 21 2007 08:46PM
Credit:	Discovered by FSC Internet Corporation.
Vulnerable:	SuSE Linux 8.1 SuSE Linux 8.0 i386 SuSE Linux 8.0 Squid Web Proxy Cache 2.5 .STABLE7 + Gentoo Linux + Redhat Fedora Core3 + Redhat Fedora Core2 Squid Web Proxy Cache 2.5 .STABLE6 + Mandriva Linux Mandrake 10.1 x86_64 + S.u.S.E. Linux Personal 9.2 x86_64 + S.u.S.E. Linux Personal 9.2 + Turbolinux Appliance Server 1.0 Workgroup Edition + Turbolinux Appliance Server 1.0 Hosting Edition + Turbolinux Appliance Server Hosting Edition 1.0 + Turbolinux Appliance Server Workgroup Edition 1.0 + Turbolinux Turbolinux Server 10.0 + Turbolinux Turbolinux Server 8.0 + Turbolinux Turbolinux Server 7.0 + Turbolinux Turbolinux Workstation 8.0 + Turbolinux Turbolinux Workstation 7.0 Squid Web Proxy Cache 2.5 .STABLE5 + S.u.S.E. Linux Personal 9.1 x86_64 + S.u.S.E. Linux Personal 9.1 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 Squid Web Proxy Cache 2.5 .STABLE4 + MandrakeSoft Corporate Server 3.0 + Mandriva Linux Mandrake 10.0 AMD64 + Mandriva Linux Mandrake 10.0 + OpenPKG OpenPKG 2.0 + OpenPKG OpenPKG Current Squid Web Proxy Cache 2.5 .STABLE3 + Mandriva Linux Mandrake 9.2 amd64 + Mandriva Linux Mandrake 9.2 + OpenPKG OpenPKG 1.3 + Redhat Desktop 3.0 + Redhat Enterprise Linux AS 3 + Redhat Enterprise Linux ES 3 + Redhat Enterprise Linux WS 3 + Redhat Fedora Core1 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 Squid Web Proxy Cache 2.5 .STABLE1 + Mandriva Linux Mandrake 9.1 ppc + Mandriva Linux Mandrake 9.1 + S.u.S.E. Linux Personal 8.2 Squid Web Proxy Cache 2.4 .STABLE7 + MandrakeSoft Corporate Server 2.1 x86_64 + MandrakeSoft Corporate Server 2.1 + MandrakeSoft Multi Network Firewall 2.0 + Redhat Enterprise Linux AS 2.1 IA64 + Redhat Enterprise Linux AS 2.1 + Redhat Enterprise Linux ES 2.1 IA64 + Redhat Enterprise Linux ES 2.1 + Redhat Enterprise Linux WS 2.1 IA64 + Redhat Enterprise Linux WS 2.1 + Redhat Linux Advanced Work Station 2.1 Squid Web Proxy Cache 2.4 .STABLE6 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 Squid Web Proxy Cache 2.4 .STABLE2 Squid Web Proxy Cache 2.4 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 Squid Web Proxy Cache 2.3 .STABLE5 Squid Web Proxy Cache 2.3 .STABLE4 Squid Web Proxy Cache 2.1 PATCH2 Squid Web Proxy Cache 2.0 PATCH2 SGI ProPack 3.0 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 Redhat Linux 9.0 i386 Redhat Linux 7.3 i386 Redhat Fedora Core2 Redhat Fedora Core1 Astaro Security Linux 4.0 16 Astaro Security Linux 4.0 08 Astaro Security Linux 3.217 Astaro Security Linux 3.2 16 Astaro Security Linux 3.2 15 Astaro Security Linux 3.2 12 Astaro Security Linux 3.2 11 Astaro Security Linux 3.2 10 Astaro Security Linux 3.2 00 Astaro Security Linux 2.0 30 Astaro Security Linux 2.0 27 Astaro Security Linux 2.0 26 Astaro Security Linux 2.0 25 Astaro Security Linux 2.0 24 Astaro Security Linux 2.0 23 Astaro Security Linux 2.0 16

Not Vulnerable:

Discussion

Squid Proxy WCCP recvfrom() Buffer Overflow Vulnerability

The Squid proxy server is vulnerable to a remotely exploitable buffer-overflow vulnerability. The vulnerability resides in Squid's implementation of WCCP (web cache communication protocol), a UDP-based web cache management protocol. The condition is triggered when the server reads a packet that is larger than the size of the buffer allocated to store it. This can occur because 'recvfrom()' is passed an incorrect value for its 'len' argument.

Exploit / POC

Squid Proxy WCCP recvfrom() Buffer Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

Squid Proxy WCCP recvfrom() Buffer Overflow Vulnerability

Solution:
Please see the referenced vendor advisories for more information and fixes.

Squid Web Proxy Cache 2.4 .STABLE7

Mandrake squid-2.4.STABLE7-1.2.M82mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.4.STABLE7-2.1.C21mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.4.STABLE7-2.1.C21mdk.x86_64.rpm
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.4.STABLE7-2.2.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.4.STABLE7-2.2.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.4.STABLE7-2.3.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.4.STABLE7-2.3.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.4.STABLE7-2.4.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.4.STABLE7-2.4.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.4.STABLE7-2.5.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.4.STABLE7-2.5.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/x86_64
http://www.mandrakesecure.net/en/ftp.php

SuSE squid-2.4.STABLE7-288.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/squid-2.4.STABLE7 -288.i586.rpm

Squid Web Proxy Cache 2.4 .STABLE6

Debian squid-cgi_2.4.6-2woody6_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2 woody6_alpha.deb

Debian squid-cgi_2.4.6-2woody6_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2 woody6_arm.deb

Debian squid-cgi_2.4.6-2woody6_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2 woody6_hppa.deb

Debian squid-cgi_2.4.6-2woody6_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2 woody6_i386.deb

Debian squid-cgi_2.4.6-2woody6_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2 woody6_ia64.deb

Debian squid-cgi_2.4.6-2woody6_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2 woody6_m68k.deb

Debian squid-cgi_2.4.6-2woody6_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2 woody6_mips.deb

Debian squid-cgi_2.4.6-2woody6_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2 woody6_mipsel.deb

Debian squid-cgi_2.4.6-2woody6_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2 woody6_powerpc.deb

Debian squid-cgi_2.4.6-2woody6_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2 woody6_s390.deb

Debian squid-cgi_2.4.6-2woody6_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2 woody6_sparc.deb

Debian squid_2.4.6-2woody6_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2wood y6_alpha.deb

Debian squid_2.4.6-2woody6_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2wood y6_arm.deb

Debian squid_2.4.6-2woody6_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2wood y6_hppa.deb

Debian squid_2.4.6-2woody6_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2wood y6_i386.deb

Debian squid_2.4.6-2woody6_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2wood y6_ia64.deb

Debian squid_2.4.6-2woody6_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2wood y6_m68k.deb

Debian squid_2.4.6-2woody6_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2wood y6_mips.deb

Debian squid_2.4.6-2woody6_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2wood y6_mipsel.deb

Debian squid_2.4.6-2woody6_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2wood y6_powerpc.deb

Debian squid_2.4.6-2woody6_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2wood y6_s390.deb

Debian squid_2.4.6-2woody6_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2wood y6_sparc.deb

Debian squidclient_2.4.6-2woody6_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6 -2woody6_alpha.deb

Debian squidclient_2.4.6-2woody6_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6 -2woody6_arm.deb

Debian squidclient_2.4.6-2woody6_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6 -2woody6_hppa.deb

Debian squidclient_2.4.6-2woody6_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6 -2woody6_i386.deb

Debian squidclient_2.4.6-2woody6_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6 -2woody6_ia64.deb

Debian squidclient_2.4.6-2woody6_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6 -2woody6_m68k.deb

Debian squidclient_2.4.6-2woody6_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6 -2woody6_mips.deb

Debian squidclient_2.4.6-2woody6_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6 -2woody6_mipsel.deb

Debian squidclient_2.4.6-2woody6_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6 -2woody6_powerpc.deb

Debian squidclient_2.4.6-2woody6_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6 -2woody6_s390.deb

Debian squidclient_2.4.6-2woody6_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6 -2woody6_sparc.deb

RedHat squid-2.4.STABLE7-0.73.3.legacy.i386.rpm
Red Hat Linux 7.3:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/squid-2.4.STA BLE7-0.73.3.legacy.i386.rpm

Squid Web Proxy Cache 2.4 .STABLE2

Mandrake squid-2.4.STABLE7-1.3.M82mdk.i586.rpm
Mandrake Multi Network Firewall 8.2
http://www.mandrakesecure.net/en/ftp.php

Squid Web Proxy Cache 2.5 .STABLE4

Mandrake squid-2.5.STABLE4-1.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-1.2.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-1.2.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-2.1.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-2.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-2.2.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-2.2.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-2.3.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-2.3.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-2.3.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-2.4.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-2.4.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-2.4.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-2.4.C30mdk.x86_64.rpm
Mandrake Corporate Server 3.0/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-2.5.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-2.5.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-2.5.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-2.5.C30mdk.x86_64.rpm
Mandrake Corporate Server 3.0/x86_64
http://www.mandrakesecure.net/en/ftp.php

Squid Web Proxy Cache 2.5 .STABLE7

Squid squid-2.5.STABLE7-wccp_buffer_overflow.patch
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp _buffer_overflow.patch

Squid Web Proxy Cache 2.5 .STABLE6

Fedora squid-2.5.STABLE7-1.FC3.1.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora squid-2.5.STABLE7-1.FC3.1.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora squid-debuginfo-2.5.STABLE7-1.FC3.1.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora squid-debuginfo-2.5.STABLE7-1.FC3.1.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Mandrake squid-2.5.STABLE6-2.2.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE6-2.2.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE6-2.3.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE6-2.3.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE6-2.4.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php

SuSE squid-2.5.STABLE6-6.6.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/squid-2.5.STABLE6 -6.6.i586.rpm

SuSE squid-2.5.STABLE6-6.6.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/squid-2.5.STA BLE6-6.6.x86_64.rpm

TurboLinux squid-2.5.STABLE6-18.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/up dates/RPMS/squid-2.5.STABLE6-18.i586.rpm

TurboLinux squid-2.5.STABLE6-18.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/upd ates/RPMS/squid-2.5.STABLE6-18.i586.rpm

TurboLinux squid-2.5.STABLE6-18.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/upd ates/RPMS/squid-2.5.STABLE6-18.i586.rpm

TurboLinux squid-2.5.STABLE6-18.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 7/updates/RPMS/squid-2.5.STABLE6-18.i586.rpm

TurboLinux squid-2.5.STABLE6-18.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 8/updates/RPMS/squid-2.5.STABLE6-18.i586.rpm

TurboLinux squid-debug-2.5.STABLE6-18.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/up dates/RPMS/squid-debug-2.5.STABLE6-18.i586.rpm

Squid Web Proxy Cache 2.5 .STABLE1

Mandrake squid-2.5.STABLE1-7.1.91mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE1-7.1.91mdk.ppc.rpm
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE1-7.2.91mdk.i586.rpm
Mandrake Linux 9.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE1-7.2.91mdk.ppc.rpm
Mandrake Linux 9.1/PPC
http://www.mandrakesecure.net/en/ftp.php

RedHat squid-2.5.STABLE1-9.10.legacy.i386.rpm
Red Hat Linux 9:
http://download.fedoralegacy.org/redhat/9/updates/i386/squid-2.5.STABL E1-9.10.legacy.i386.rpm

SuSE squid-2.5.STABLE1-106.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/squid-2.5.STABLE1 -106.i586.rpm

Squid Web Proxy Cache 2.5 .STABLE3

Mandrake squid-2.5.STABLE3-3.1.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE3-3.1.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE3-3.2.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE3-3.2.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE3-3.3.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE3-3.3.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE3-3.4.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE3-3.4.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE3-3.5.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE3-3.5.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE3-3.6.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE3-3.6.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE3-3.7.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE3-3.7.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php

RedHat squid-2.5.STABLE3-2.fc1.6.legacy.i386.rpm
Fedora Core 1:
http://download.fedoralegacy.org/fedora/1/updates/i386/squid-2.5.STABL E3-2.fc1.6.legacy.i386.rpm

SuSE squid-2.5.STABLE3-118.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/squid-2.5.STABLE3 -118.i586.rpm

SuSE squid-2.5.STABLE3-118.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/squid-2.5.STA BLE3-118.x86_64.rpm

Squid Web Proxy Cache 2.5 .STABLE5

Fedora squid-2.5.STABLE7-1.FC2.1.i386.rpm
RedHat Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Fedora squid-2.5.STABLE7-1.FC2.1.x86_64.rpm
RedHat Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Fedora squid-debuginfo-2.5.STABLE7-1.FC2.1.i386.rpm
RedHat Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Fedora squid-debuginfo-2.5.STABLE7-1.FC2.1.x86_64.rpm
RedHat Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

RedHat squid-2.5.STABLE9-1.FC2.4.legacy.i386.rpm
Fedora Core 2:
http://download.fedoralegacy.org/fedora/2/updates/i386/squid-2.5.STABL E9-1.FC2.4.legacy.i386.rpm

SuSE squid-2.5.STABLE5-42.27.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/squid-2.5.STABLE5 -42.27.i586.rpm

SuSE squid-2.5.STABLE5-42.27.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/squid-2.5.STA BLE5-42.27.x86_64.rpm

Ubuntu squid-cgi_2.5.5-6ubuntu0.4_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5. 5-6ubuntu0.4_amd64.deb

Ubuntu squid-cgi_2.5.5-6ubuntu0.4_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5. 5-6ubuntu0.4_i386.deb

Ubuntu squid-cgi_2.5.5-6ubuntu0.4_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5. 5-6ubuntu0.4_powerpc.deb

Ubuntu squid-common_2.5.5-6ubuntu0.4_all.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.5 -6ubuntu0.4_all.deb

Ubuntu squid_2.5.5-6ubuntu0.4_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubunt u0.4_amd64.deb

Ubuntu squid_2.5.5-6ubuntu0.4_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubunt u0.4_i386.deb

Ubuntu squid_2.5.5-6ubuntu0.4_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubunt u0.4_powerpc.deb

Ubuntu squidclient_2.5.5-6ubuntu0.4_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2. 5.5-6ubuntu0.4_amd64.deb

Ubuntu squidclient_2.5.5-6ubuntu0.4_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2. 5.5-6ubuntu0.4_i386.deb

Ubuntu squidclient_2.5.5-6ubuntu0.4_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2. 5.5-6ubuntu0.4_powerpc.deb

SGI ProPack 3.0

SGI Patch10144
http://support.sgi.com/

References

Squid Proxy WCCP recvfrom() Buffer Overflow Vulnerability

References:

RHSA-2005:061-19 - Updated Squid package fixes security issues (RedHat)
Up2Date 5.200 (Astaro)
WCCP Buffer Overflow (Squid)