Bug 53334 (CVE-2004-0189)

Summary: VUL-0: CVE-2004-0189: buffer overflow/ACL bypass in squid URL handling
Product: [Novell Products] SUSE Security Incidents
Reporter: Sebastian Krahmer <krahmer>
Component: Incidents
Assignee: Klaus Singvogel <kssingvo>
Status: RESOLVED INVALID
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: security-team
Version: unspecified
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: CVE-2004-0189: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Sebastian Krahmer 2004-04-05 19:41:13 UTC
From: Mark J Cox <mjc@redhat.com>
To: Sebastian Krahmer <krahmer@suse.de>
Cc: vendor-sec@lst.de, joey@infodrom.north.de
Subject: Re: [vendor-sec] squid advisory

> an ACL bypass in squid. I did not see this here already, or
> is this an older issue?

It was made public on the Squid web site at the end of February; the "%xx"  
URL decoding function in Squid 2.5STABLE4 and earlier may allow remote
attackers to bypass url_regex ACLs via a URL with a NULL ("%00")
character, which causes Squid to use only a portion of the requested URL
when comparing it against the access control lists.  I thought I'd resent
the CVE name Stephen allocated to vendor-sec though I can't find it in the
archive.

       CAN-2004-0189

        http://marc.theaimsgroup.com/?l=squid-cvs&m=107956982502999&w=2
...

Can you check whether we are affected?
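
The truncation described in the forwarded mail, as an added illustration that is not part of the original report and is not Squid's code: a "%xx" decoder turns "%00" into a NUL byte, and a C-string regex match then sees only the part of the URL before it. The names url_unescape and acl_denies, the pattern, and the URLs are constructed for this example; denying any URL whose decoded form contains a NUL is an assumed mitigation, not necessarily the change shipped in 2.5.STABLE5.

```c
#include <ctype.h>
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Decode %xx in place; return the decoded length (hypothetical helper). */
static size_t url_unescape(char *s)
{
    char *out = s;
    for (const char *in = s; *in; in++) {
        if (in[0] == '%' && isxdigit((unsigned char)in[1]) && isxdigit((unsigned char)in[2])) {
            char hex[3] = { in[1], in[2], '\0' };
            *out++ = (char)strtol(hex, NULL, 16);   /* "%00" becomes a NUL byte */
            in += 2;
        } else {
            *out++ = *in;
        }
    }
    *out = '\0';
    return (size_t)(out - s);
}

/* Return 1 if the url_regex-style pattern denies the request, 0 if it passes.
 * check_nul = 0: flawed behaviour, regexec() stops at the first NUL byte.
 * check_nul = 1: assumed mitigation, an embedded NUL is denied outright. */
int acl_denies(const char *pattern, const char *raw_url, int check_nul)
{
    char buf[256];
    regex_t re;
    size_t n;
    int denied;

    if (strlen(raw_url) >= sizeof buf) return 1;          /* fail closed */
    strcpy(buf, raw_url);
    n = url_unescape(buf);
    if (check_nul && n != strlen(buf)) return 1;          /* decoded NUL inside URL */
    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0) return 1;
    denied = (regexec(&re, buf, 0, NULL, 0) == 0);
    regfree(&re);
    return denied;
}

int main(void)
{
    const char *u = "http://www.example.com/%00/forbidden/page"; /* constructed */
    printf("unchecked: %d, checked: %d\n", acl_denies("forbidden", u, 0), acl_denies("forbidden", u, 1));
    return 0;
}
```
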
Comment 1 Sebastian Krahmer 2004-04-05 19:41:13 UTC
...
Comment 2 Klaus Singvogel 2004-04-05 20:50:42 UTC
Thanks, but we will distribute squid-2.5.STABLE5 --> not affected. 
Comment 3 Thomas Biege 2009-10-13 20:19:07 UTC
CVE-2004-0189: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)