Squid Proxy Aborted Connection Remote Denial of Service Vulnerability

admin 2022-07-12 10:32:09 CNNVD Vulnerabilities Source: ZONE.CI Global Network

Vulnerability Details

Squid Proxy Aborted Connection Remote Denial of Service Vulnerability

  • CNNVD ID: CNNVD-200504-039
  • Severity: Low
  • CVE ID: CVE-2005-0718
  • Vulnerability type: Other
  • Published: 2005-04-14
  • Threat type: Remote
  • Updated: 2005-10-20
  • Vendor: squid
  • Vulnerability source: Henrik Nordstrom is credited with the discovery of this issue.

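Vulnerability Summary

Squid is software that caches Internet data: it accepts users' download requests and handles the downloaded data automatically. When a user wants to download a web page, the user sends a request to Squid asking it to fetch the page on their behalf; Squid connects to the requested site, requests the page, passes it to the user, and keeps a copy. When another user requests the same page, Squid immediately returns the saved copy, so the page appears to load very quickly. Squid can proxy protocols such as HTTP, FTP, Gopher, SSL and WAIS. Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.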

Vulnerability Advisory

The vendors have released upgrade patches that fix this security issue. Patch download links:

Turbolinux Appliance Server Hosting Edition 1.0

  • Turbolinux squid-2.5.STABLE6-21.i586.rpm (Turbolinux Appliance Server 1.0 Hosting Edition): ftp://ftp.turbolinux.co.jp/pub/TurboLinux/

Turbolinux Turbolinux Server 10.0

  • Turbolinux squid-2.5.STABLE6-21.i586.rpm (Turbolinux 10 Server): ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/squid-2.5.STABLE6-21.i586.rpm
  • Turbolinux squid-debug-2.5.STABLE6-21.i586.rpm (Turbolinux 10 Server): ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/squid-debug-2.5.STABLE6-21.i586.rpm

Squid Web Proxy Cache 2.4.STABLE6

  • RedHat squid-2.4.STABLE7-0.73.3.legacy.i386.rpm (Red Hat Linux 7.3): http://download.fedoralegacy.org/redhat/7.3/updates/i386/squid-2.4.STABLE7-0.73.3.legacy.i386.rpm

Squid Web Proxy Cache 2.5.STABLE3

  • RedHat squid-2.5.STABLE3-2.fc1.6.legacy.i386.rpm (Fedora Core 1): http://download.fedoralegacy.org/fedora/1/updates/i386/squid-2.5.STABLE3-2.fc1.6.legacy.i386.rpm

Squid Web Proxy Cache 2.5.STABLE7

  • Squid squid-2.5.STABLE7-post.patch: http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-post.patch

Squid Web Proxy Cache 2.5.STABLE1

  • RedHat squid-2.5.STABLE1-9.10.legacy.i386.rpm (Red Hat Linux 9): http://download.fedoralegacy.org/redhat/9/updates/i386/squid-2.5.STABLE1-9.10.legacy.i386.rpm

Squid Web Proxy Cache 2.5.STABLE5

  • Conectiva squid-2.5.5-63116U10_8cl.i386.rpm: ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-2.5.5-63116U10_8cl.i386.rpm
  • Conectiva squid-2.5.5-76327U90_10cl.i386.rpm: ftp://atualizacoes.conectiva.com.br/9/RPMS/squid-2.5.5-76327U90_10cl.i386.rpm
  • Conectiva squid-auth-2.5.5-63116U10_8cl.i386.rpm: ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-auth-2.5.5-63116U10_8cl.i386.rpm
  • Conectiva squid-auth-2.5.5-76327U90_10cl.i386.rpm: ftp://atualizacoes.conectiva.com.br/9/RPMS/squid-auth-2.5.5-76327U90_10cl.i386.rpm
  • Conectiva squid-extra-templates-2.5.5-63116U10_8cl.i386.rpm: ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-extra-templates-2.5.5-63116U10_8cl.i386.rpm
  • Conectiva squid-extra-templates-2.5.5-76327U90_10cl.i386.rpm: ftp://atualizacoes.conectiva.com.br/9/RPMS/squid-extra-templates-2.5.5-76327U90_10cl.i386.rpm
  • RedHat squid-2.5.STABLE9-1.FC2.4.legacy.i386.rpm (Fedora Core 2): http://download.fedoralegacy.org/fedora/2/updates/i386/squid-2.5.STABLE9-1.FC2.4.legacy.i386.rpm
  • Ubuntu squid-cgi_2.5.5-6ubuntu0.7_amd64.deb (Ubuntu 4.10 Warty Warthog): http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.7_amd64.deb
  • Ubuntu squid-cgi_2.5.5-6ubuntu0.7_i386.deb (Ubuntu 4.10 Warty Warthog): http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.7_i386.deb
  • Ubuntu squid-cgi_2.5.5-6ubuntu0.7_powerpc.deb (Ubuntu 4.10 Warty Warthog): http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.7_powerpc.deb
  • Ubuntu squid-common_2.5.5-6ubuntu0.7_all.deb (Ubuntu 4.10 Warty Warthog): http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.5-6ubuntu0.7_all.deb
  • Ubuntu squid_2.5.5-6ubuntu0.7_amd64.deb (Ubuntu 4.10 Warty Warthog): http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7_amd64.deb
  • Ubuntu squid_2.5.5-6ubuntu0.7_i386.deb (Ubuntu 4.10 Warty Warthog): http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7_i386.deb
  • Ubuntu squid_2.5.5-6ubuntu0.7_powerpc.deb (Ubuntu 4.10 Warty Warthog): http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7_powerpc.deb
  • Ubuntu squidclient_2.5.5-6ubuntu0.7_amd64.deb (Ubuntu 4.10 Warty Warthog): http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.7_amd64.deb
  • Ubuntu squidclient_2.5.5-6ubuntu0.7_i386.deb (Ubuntu 4.10 Warty Warthog): http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.7_i386.deb
  • Ubuntu squidclient_2.5.5-6ubuntu0.7_powerpc.deb (Ubuntu 4.10 Warty Warthog): http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.7_powerpc.deb

Turbolinux Turbolinux Workstation 7.0

  • Turbolinux squid-2.5.STABLE6-21.i586.rpm (Turbolinux 7 Workstation): ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/squid-2.5.STABLE6-21.i586.rpm

References

  • Source: www1.uk.squid-cache.org. Link: http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post
  • Source: UBUNTU. Name: USN-111-1. Link: http://www.ubuntulinux.org/support/documentation/usn/usn-111-1
  • Source: www.squid-cache.org. Link: http://www.squid-cache.org/bugs/show_bug.cgi?id=1224
  • Source: REDHAT. Name: RHSA-2005:415. Link: http://www.redhat.com/support/errata/RHSA-2005-415.HTML
  • Source: CONECTIVA. Name: CLA-2005:931. Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931
  • Source: XF. Name: squid-put-post-dos(19919). Link: http://xforce.iss.net/xforce/xfdb/19919
  • Source: BID. Name: 13166. Link: http://www.securityfocus.com/bid/13166
  • Source: REDHAT. Name: RHSA-2005:489. Link: http://www.redhat.com/support/errata/RHSA-2005-489.HTML
  • Source: SECUNIA. Name: 12508. Link: http://secunia.com/advisories/12508
  • Source: FEDORA. Name: FLSA-2006:152809. Link: http://fedoranews.org/updates/FEDORA--.sHTML

Affected Entities

  • Squid Squid:2.0.Patch1  
  • Squid Squid:2.0.Patch2  
  • Squid Squid:2.0.Pre1  
  • Squid Squid:2.0.Release  
  • Squid Squid:2.1.Patch1  

Patches

    None available
