Bug 129639 - VUL-0: squid: denial-of-service in rfc1738_do_escape function
Status: RESOLVED FIXED
: CVE-2005-3258
Alias: None
Product: SUSE Linux 10.1
Classification: openSUSE
Component: Network
Version: unspecified
Hardware: Other Other
: P5 - None : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: E-mail List
URL:
Whiteboard: CVE-2005-2917: CVSS v2 Base Score: 5....
Keywords:
Depends on:
Blocks:
 
Reported: 2005-10-20 07:07 UTC by Thomas Biege
Modified: 2009-10-13 21:42 UTC

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Thomas Biege 2005-10-20 07:07:51 UTC
Hello Klaus,
we got a new one.

======================================================
Candidate: CVE-2005-3258
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3258
Reference:
CONFIRM:http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape

The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and
earlier allows remote FTP servers to cause a denial of service
(segmentation fault) via certain crafted responses.
Comment 1 Marcus Meissner 2005-10-21 11:27:56 UTC
*** Bug 129934 has been marked as a duplicate of this bug. ***
Comment 2 Klaus Singvogel 2005-10-27 15:36:46 UTC
So I submitted fixed packages for all maintained products:
SLES8, 9.0, 9.1 (SLES9), 9.2, 9.3, 10.0, STABLE

This security update goes in sync with bugzilla#117414

security-team please handle rest of process.

QA: needed to adapt the patch for many distributions. Please test ftp-transfer a bit more.
Comment 3 Thomas Biege 2005-11-14 11:04:30 UTC
packages released
Comment 4 Thomas Biege 2009-10-13 21:42:43 UTC
CVE-2005-2917: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)