FreeBSD Ports: Squid Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Solution

Update your system with the appropriate patches or software upgrades. http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_denial_of_service http://www.squid-cache.org/bugs/show_bug.cgi?id=1190 http://www.squid-cache.org/Advisories/SQUID-2005_2.txt http://www.vuxml.org/freebsd/5fe7e27a-64cb-11d9-9e1e-c296ac722cb3.html

Insight

The following package is affected: squid CVE-2005-0095 The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers.

Severity

Classification

CVE CVE-2005-0095
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

FreeBSD Ports: asterisk18
FreeBSD Ports: bind96
FreeBSD Ports: ap20-mod_pubcookie
FreeBSD Ports: bind
FreeBSD Ports: apache

FreeBSD Ports: squid

Take action and discover your vulnerabilities