{"vuid":"VU#613459","idnumber":"613459","name":"Squid Proxy Server contains buffer overflow in parsing of the authentication portion of FTP URLs","keywords":["Squid Proxy Server","buffer overflow","parsing","authentication","FTP URL"],"overview":"There is a remotely exploitable buffer overflow in the Squid proxy/cache server. Exploitation of this vulnerability could lead to an intruder gaining a shell on the target Squid server.","clean_desc":"Squid versions 2.3 and 2.4 are vulnerable to a buffer overflow in the code that parses FTP requests. A crafted FTP request can cause a Squid child process to dump core, and multiple requests can cause a denial of service. It is also reported that this vulnerability may be exploitable to allow arbitrary execution of code. This is not yet confirmed, and does not seem to be a trivial task. In order to exploit this vulnerability, the attacker must be a local user, or the server must permit anonymous logins.","impact":"Exploitation of this vulnerability results in a denial of service. It could also permit an intruder to execute arbitrary code on the target Squid server with the privileges of the Squid process, usually super-user/root. Note that exploiting this vulnerability to execute arbitrary code is not yet confirmed.","resolution":"Upgrade to Squid-2.4.STABLE4 or apply the patches provided by your vendor.","workarounds":"Configure the Squid server to drop super-user/root privilege by specifying the chroot option used in squid.conf. If this is done, the attacker will only be able to execute arbitrary code as the user specified in the configuration file.","sysaffected":"","thanks":"Our thanks to Jouko Pynnönen of Online Solutions Ltd, who discovered and reported on this vulnerability.","author":"This document was written by Jason Rafail and is based on the advisory by Jouko Pynnönen.","public":["http://www.securityfocus.com/bid/4148","http://www.squid-cache.org/","http://archives.neohapsis.com/archives/bugtraq/2002-02/0251.html"],"cveids":["CVE-2002-0068"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-02-21T14:30:44Z","publicdate":"2002-02-21T00:00:00Z","datefirstpublished":"2002-03-04T16:32:35Z","dateupdated":"2002-03-06T15:20:36Z","revision":10,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"18","cam_exploitation":"0","cam_internetinfrastructure":"14","cam_population":"10","cam_impact":"19","cam_easeofexploitation":"14","cam_attackeraccessrequired":"10","cam_scorecurrent":"15.96","cam_scorecurrentwidelyknown":"16.9575","cam_scorecurrentwidelyknownexploited":"26.9325","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":15.96,"vulnote":null}