CVE-2004-0918 – Squid SNMP DoS
https://notcve.org/view.php?id=CVE-2004-0918
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923 http://fedoranews.org/updates/FEDORA--.shtml http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://marc.info/?l=bugtraq&m=109913064629327&w=2 http://secunia.com/advisories/30914 http://secunia.com/advisories/30967 http://www.gentoo.org/security/en/glsa/glsa-200410-15.xml http://www.idefense.com/application& • CWE-399: Resource Management Errors •
CVE-2004-0832
https://notcve.org/view.php?id=CVE-2004-0832
The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy. Las funciones ntlm_fetch_string y ntlm_get_string en Squid 2.5.6 y anteriores, con autenticación NTLM activada, permite a atacantes remotos causar una denegación de servicio (caída de aplicación) mediante un paquete NTLMSSP que hace que se pase un valor negativo a memcpy. • http://fedoranews.org/updates/FEDORA--.shtml http://www.gentoo.org/security/en/glsa/glsa-200409-04.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:093 http://www.securityfocus.com/bid/11098 http://www.squid-cache.org/bugs/show_bug.cgi?id=1045 http://www.trustix.org/errata/2004/0047 http://www1.uk.squid-cache.org/squid/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-ntlm_fetch_string https://exchange.xforce.ibmcloud.com/vulnerabilities/17218 https://ov •
CVE-2004-0189 – Squid Proxy 2.4/2.5 - NULL URL Character Unauthorized Access
https://notcve.org/view.php?id=CVE-2004-0189
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists. La función de decodificación de URL "%xx" en Squid 2.5STABLE4 y anteriores permite a atacantes remotos saltarse las listas de control de acceso (ACL) url_regex mediante una URL con un carácter nulo ("%00"), lo que hace que Squid use sólo un parte de la URL solicitada para compararla con la lista de control de acceso. • https://www.exploit-db.com/exploits/23777 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000838 http://marc.info/?l=bugtraq&m=108084935904110&w=2 http://security.gentoo.org/glsa/glsa-200403-11.xml http://www.debian.org/security/2004/dsa-474 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025 http:& •
CVE-2002-2414
https://notcve.org/view.php?id=CVE-2002-2414
Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash). • http://marc.info/?l=full-disclosure&m=103783186608438&w=2 http://www.iss.net/security_center/static/10673.php http://www.securityfocus.com/bid/6218 •
CVE-2002-0714
https://notcve.org/view.php?id=CVE-2002-0714
FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000506 http://marc.info/?l=bugtraq&m=102674543407606&w=2 http://rhn.redhat.com/errata/RHSA-2002-051.html http://rhn.redhat.com/errata/RHSA-2002-130.html http://www.iss.net/security_center/static/9479.php http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php http://www.osvdb.org/5924 http://www.securityfocus.com/bid/5158 •