Published: 02/05/2005 Updated: 11/10/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Squid 2.5.STABLE8 and previous versions allows remote malicious users to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure.

Vulnerable Product	Search on Vulmon	Subscribe to Product
squid squid 2.1.patch1
squid squid 2.1.patch2
squid squid 2.2.devel4
squid squid 2.2.pre1
squid squid 2.3.devel3
squid squid 2.3.stable1
squid squid 2.3_stable5
squid squid 2.4
squid squid 2.4_.stable2
squid squid 2.4_.stable6
squid squid 2.4_.stable7
squid squid 2.5.stable5
squid squid 2.5.stable6
squid squid 2.5_.stable6
squid squid 2.5_stable3
squid squid 2.0.patch1
squid squid 2.1.pre1
squid squid 2.1.pre3
squid squid 2.2.pre2
squid squid 2.2.stable1
squid squid 2.2.stable2
squid squid 2.3.stable2
squid squid 2.3.stable3
squid squid 2.4.stable1
squid squid 2.4.stable2
squid squid 2.4_stable7
squid squid 2.5.6
squid squid 2.5.stable7
squid squid 2.5.stable8
squid squid 2.5_stable4
squid squid 2.5_stable9
squid squid 2.0.release
squid squid 2.0_patch2
squid squid 2.1_patch2
squid squid 2.2.devel3
squid squid 2.2.stable5
squid squid 2.3.devel2
squid squid 2.3_.stable4
squid squid 2.3_.stable5
squid squid 2.4.stable6
squid squid 2.4.stable7
squid squid 2.5.stable3
squid squid 2.5.stable4
squid squid 2.5_.stable4
squid squid 2.5_.stable5
squid squid 2.0.patch2
squid squid 2.0.pre1
squid squid 2.1.pre4
squid squid 2.1.release
squid squid 2.2.stable3
squid squid 2.2.stable4
squid squid 2.3.stable4
squid squid 2.3.stable5
squid squid 2.4.stable3
squid squid 2.4.stable4
squid squid 2.5.stable1
squid squid 2.5.stable2
squid squid 2.5_.stable1
squid squid 2.5_.stable3

When parsing the configuration file, squid interpreted empty Access Control Lists (ACLs) without defined authentication schemes in a non-obvious way This could allow remote attackers to bypass intended ACLs (CAN-2005-0194) ...

Synopsis squid security update Type/Severity Security Advisory: Moderate Topic An updated squid package that fixes a denial of service issue is nowavailable for Red Hat Enterprise Linux 4This update has been rated as having moderate security impact by the RedHat Security Response Team Description ...

Synopsis squid security update Type/Severity Security Advisory: Moderate Topic Updated squid packages that fix a denial of service issue are now availableThis update has been rated as having important security impact by the RedHat Security Response Team Description Squid is a full-featured ...

NVD-CWE-Other http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE8-dns_assert.patch http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931 http://www.debian.org/security/2005/dsa-688 http://www.gentoo.org/security/en/glsa/glsa-200502-25.xml http://www.redhat.com/support/errata/RHSA-2005-173.html http://secunia.com/advisories/14271 http://fedoranews.org/updates/FEDORA--.shtml http://www.securityfocus.com/bid/12551 http://www.redhat.com/support/errata/RHSA-2005-201.html http://www.mandriva.com/security/advisories?name=MDKSA-2005:047 http://marc.info/?l=bugtraq&m=110901183320453&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/19332 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11264 https://usn.ubuntu.com/84-1/https://nvd.nist.gov

CVE-2005-0446

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect