Vulnerability Details

Squid Proxy Oversized HTTP Header Unspecified Remote Vulnerability

  • CNNVD ID: CNNVD-200502-009
  • Severity: Medium
  • CVE ID: CVE-2005-0174
  • Vulnerability type: Insufficient information
  • Published: 2005-02-07
  • Threat type: Remote
  • Updated: 2005-10-20
  • Vendor: squid
  • Vulnerability source: The individual or ...

Vulnerability Summary

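Squid is a popular free-software (GNU General Public License) proxy server and web cache server. Squid 2.5 through 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names that contain whitespace characters.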
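The three classes of non-conforming headers listed above can be checked for on a raw header block before it is trusted or cached. The following is an added example, not code from this advisory or from the Squid project; the function name, finding labels and sample inputs are assumptions constructed for illustration.

```python
import re

def audit_header_block(raw: bytes) -> list:
    """Audit a raw HTTP header block (start line through the blank line).

    Returns a sorted list of findings for the three anomaly classes named
    in the advisory; an empty list means none were seen.
    """
    findings = set()

    # (2) A CR that is not immediately followed by LF is not a line
    # terminator, yet lenient parsers may treat it as one.
    if re.search(rb"\r(?!\n)", raw):
        findings.add("bare-cr")

    content_lengths = []
    lines = raw.split(b"\r\n")
    for line in lines[1:]:              # lines[0] is the request/status line
        if not line:
            break                       # blank line ends the header block
        if line[:1] in (b" ", b"\t"):
            continue                    # obsolete folded continuation line
        name, sep, value = line.partition(b":")
        if not sep:
            findings.add("missing-colon")
            continue
        # (3) Whitespace anywhere in the field name, including a space
        # before the colon ("Content-Length : 5").
        if re.search(rb"\s", name):
            findings.add("whitespace-in-header-name")
            continue
        if name.lower() == b"content-length":
            content_lengths.append(value.strip())

    # (1) More than one Content-Length lets two parsers disagree on where
    # the body ends; flag it even when the values are identical.
    if len(content_lengths) > 1:
        findings.add("multiple-content-length")
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample, not captured traffic.
    sample = b"HTTP/1.0 200 OK\r\nContent-Length: 12\r\nContent-Length: 0\r\n\r\n"
    print(audit_header_block(sample))
```

A proxy or log pipeline that applies such a check would reject or quarantine any message with a non-empty result rather than attempt to normalize it.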

Vulnerability Announcement

The vendor has released upgrade patches that fix this security issue. Patch download links:

Squid Web Proxy Cache 2.5.STABLE4

  • Mandrake squid-2.5.STABLE4-1.100mdk.i586.rpm: http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE4-1.2.100mdk.amd64.rpm (Mandrake Linux 10.0/AMD64): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE4-1.2.100mdk.i586.rpm (Mandrake Linux 10.0): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE4-2.1.100mdk.amd64.rpm (Mandrake Linux 10.0/AMD64): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE4-2.1.100mdk.i586.rpm (Mandrake Linux 10.0): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE4-2.2.100mdk.amd64.rpm (Mandrake Linux 10.0/AMD64): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE4-2.2.100mdk.i586.rpm (Mandrake Linux 10.0): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE4-2.3.100mdk.amd64.rpm (Mandrake Linux 10.0/AMD64): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE4-2.3.100mdk.i586.rpm (Mandrake Linux 10.0): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE4-2.3.C30mdk.i586.rpm (Mandrake Corporate Server 3.0): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE4-2.4.100mdk.amd64.rpm (Mandrake Linux 10.0/AMD64): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE4-2.4.100mdk.i586.rpm (Mandrake Linux 10.0): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE4-2.4.C30mdk.i586.rpm (Mandrake Corporate Server 3.0): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE4-2.4.C30mdk.x86_64.rpm (Mandrake Corporate Server 3.0/x86_64): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE4-2.5.100mdk.amd64.rpm (Mandrake Linux 10.0/AMD64): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE4-2.5.100mdk.i586.rpm (Mandrake Linux 10.0): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE4-2.5.C30mdk.i586.rpm (Mandrake Corporate Server 3.0): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE4-2.5.C30mdk.x86_64.rpm (Mandrake Corporate Server 3.0/x86_64): http://www.mandrakesecure.net/en/ftp.php

Squid Web Proxy Cache 2.5.STABLE7

  • Squid squid-2.5.STABLE7-oversize_reply_headers.patch: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch

Squid Web Proxy Cache 2.5.STABLE6

  • Fedora squid-2.5.STABLE9-1.FC3.6.i386.rpm (RedHat Fedora Core 3): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
  • Fedora squid-2.5.STABLE9-1.FC3.6.x86_64.rpm (RedHat Fedora Core 3): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
  • Fedora squid-debuginfo-2.5.STABLE9-1.FC3.6.i386.rpm (RedHat Fedora Core 3): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
  • Fedora squid-debuginfo-2.5.STABLE9-1.FC3.6.x86_64.rpm (RedHat Fedora Core 3): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
  • Mandrake squid-2.5.STABLE6-2.2.101mdk.i586.rpm (Mandrake Linux 10.1): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE6-2.2.101mdk.x86_64.rpm (Mandrake Linux 10.1/x86_64): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE6-2.3.101mdk.i586.rpm (Mandrake Linux 10.1): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE6-2.3.101mdk.x86_64.rpm (Mandrake Linux 10.1/x86_64): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE6-2.4.101mdk.x86_64.rpm (Mandrake Linux 10.1/x86_64): http://www.mandrakesecure.net/en/ftp.php
  • SuSE squid-2.5.STABLE6-6.4.i586.rpm: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/squid-2.5.STABLE6-6.4.i586.rpm
  • SuSE squid-2.5.STABLE6-6.4.x86_64.rpm: ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/squid-2.5.STABLE6-6.4.x86_64.rpm
  • SuSE squid-2.5.STABLE6-6.6.i586.rpm: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/squid-2.5.STABLE6-6.6.i586.rpm
  • SuSE squid-2.5.STABLE6-6.6.x86_64.rpm: ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/squid-2.5.STABLE6-6.6.x86_64.rpm
  • Turbolinux squid-2.5.STABLE10-3.i586.rpm (Turbolinux 10 Server): ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/squid-2.5.STABLE10-3.i586.rpm
  • Turbolinux squid-debug-2.5.STABLE10-3.i586.rpm (Turbolinux 10 Server): ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/squid-debug-2.5.STABLE10-3.i586.rpm

Squid Web Proxy Cache 2.5.STABLE1

  • Mandrake squid-2.5.STABLE1-7.1.91mdk.i586.rpm: http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE1-7.1.91mdk.ppc.rpm: http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE1-7.2.91mdk.i586.rpm (Mandrake Linux 9.1): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE1-7.2.91mdk.ppc.rpm (Mandrake Linux 9.1/PPC): http://www.mandrakesecure.net/en/ftp.php
  • RedHat squid-2.5.STABLE1-9.10.legacy.i386.rpm (Red Hat Linux 9): http://download.fedoralegacy.org/redhat/9/updates/i386/squid-2.5.STABLE1-9.10.legacy.i386.rpm
  • SuSE squid-2.5.STABLE1-104.i586.rpm: ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/squid-2.5.STABLE1-104.i586.rpm
  • SuSE squid-2.5.STABLE1-106.i586.rpm: ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/squid-2.5.STABLE1-106.i586.rpm

Squid Web Proxy Cache 2.5.STABLE3

  • Mandrake squid-2.5.STABLE3-3.1.92mdk.amd64.rpm: http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE3-3.1.92mdk.i586.rpm: http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE3-3.2.92mdk.amd64.rpm (Mandrake Linux 9.2/AMD64): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE3-3.2.92mdk.i586.rpm (Mandrake Linux 9.2): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE3-3.3.92mdk.amd64.rpm (Mandrake Linux 9.2/AMD64): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE3-3.3.92mdk.i586.rpm (Mandrake Linux 9.2): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE3-3.4.92mdk.amd64.rpm (Mandrake Linux 9.2/AMD64): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE3-3.4.92mdk.i586.rpm (Mandrake Linux 9.2): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE3-3.5.92mdk.amd64.rpm (Mandrake Linux 9.2/AMD64): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE3-3.5.92mdk.i586.rpm (Mandrake Linux 9.2): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE3-3.6.92mdk.amd64.rpm (Mandrake Linux 9.2/AMD64): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE3-3.6.92mdk.i586.rpm (Mandrake Linux 9.2): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE3-3.7.92mdk.amd64.rpm (Mandrake Linux 9.2/AMD64): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake squid-2.5.STABLE3-3.7.92mdk.i586.rpm (Mandrake Linux 9.2): http://www.mandrakesecure.net/en/ftp.php
  • RedHat squid-2.5.STABLE3-2.fc1.6.legacy.i386.rpm (Fedora Core 1): http://download.fedoralegacy.org/fedora/1/updates/i386/squid-2.5.STABLE3-2.fc1.6.legacy.i386.rpm
  • SuSE squid-2.5.STABLE3-116.i586.rpm: ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/squid-2.5.STABLE3-116.i586.rpm
  • SuSE squid-2.5.STABLE3-116.x86_64.rpm: ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/squid-2.5.STABLE3-116.x86_64.rpm
  • SuSE squid-2.5.STABLE3-118.i586.rpm: ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/squid-2.5.STABLE3-118.i586.rpm
  • SuSE squid-2.5.STABLE3-118.x86_64.rpm: ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/squid-2.5.STABLE3-118.x86_64.rpm

Squid Web Proxy Cache 2.5.STABLE5

  • RedHat squid-2.5.STABLE9-1.FC2.4.legacy.i386.rpm (Fedora Core 2): http://download.fedoralegacy.org/fedora/2/updates/i386/squid-2.5.STABLE9-1.FC2.4.legacy.i386.rpm
  • SuSE squid-2.5.STABLE5-42.24.i586.rpm: ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/squid-2.5.STABLE5-42.24.i586.rpm
  • SuSE squid-2.5.STABLE5-42.24.x86_64.rpm: ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/squid-2.5.STABLE5-42.24.x86_64.rpm
  • SuSE squid-2.5.STABLE5-42.27.i586.rpm: ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/squid-2.5.STABLE5-42.27.i586.rpm
  • SuSE squid-2.5.STABLE5-42.27.x86_64.rpm: ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/squid-2.5.STABLE5-42.27.x86_64.rpm
  • Ubuntu squid-cgi_2.5.5-6ubuntu0.4_amd64.deb (Ubuntu 4.10 (Warty Warthog)): http://security.ubuntu.com/ubuntu/pool

References

  • US-CERT Vulnerability Note: VU#768702; Name: VU#768702; Link: http://www.kb.cert.org/vuls/id/768702
  • Source: REDHAT; Name: RHSA-2005:061; Link: http://www.redhat.com/support/errata/RHSA-2005-061.html
  • Source: REDHAT; Name: RHSA-2005:060; Link: http://www.redhat.com/support/errata/RHSA-2005-060.html
  • Source: www.squid-cache.org; Link: http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing
  • Source: FEDORA; Name: FEDORA-2005-373; Link: http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html
  • Source: SUSE; Name: SUSE-SA:2005:006; Link: http://www.novell.com/linux/security/advisories/2005_06_squid.html
  • Source: BUGTRAQ; Name: 20050207 [USN-77-1] Squid vulnerabilities; Link: http://marc.theaimsgroup.com/?l=bugtraq&m=110780531820947&w=2
  • Source: CONECTIVA; Name: CLA-2005:931; Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931
  • Source: BID; Name: 12412; Link: http://www.securityfocus.com/bid/12412
  • Source: MANDRAKE; Name: MDKSA-2005:034; Link: http://www.mandriva.com/security/advisories?name=MDKSA-2005:034
  • Source: FEDORA; Name: FLSA-2006:152809; Link: http://fedoranews.org/updates/FEDORA--.shtml

Patches

    None available
