Bug 65023 - (CVE-2005-0175) VUL-0: CVE-2005-0175: squid: several security related bugs
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
All Linux
: P3 - Medium : Normal
Assigned To: Security Team bot
CVE-2005-0175: CVSS v2 Base Score: 5....
Reported: 2005-01-20 19:42 UTC by Thomas Biege
Modified: 2021-10-27 11:52 UTC
Description Thomas Biege 2005-01-20 19:42:27 UTC
Hi Klaus, 
here is the requested bugzilla-entry. :) 
From: Martin Schulze <joey@infodrom.org> 
To: Free Software Distribution Vendors <vendor-sec@lst.de> 
Message-ID: <20050119072037.GA8820@finlandia.infodrom.north.de> 
Subject: [vendor-sec] CAN-2005-009[4-7]: Denial of service in Squid 
Date: Wed, 19 Jan 2005 08:20:38 +0100 
    "infamous41md" discovered a buffer overflow in the parser for 
    Gopher responses which will lead to memory corruption and usually 
    crash Squid. 

    "infamous41md" discovered an integer overflow in the receiver of 
    WCCP (Web Cache Communication Protocol) messages.  An attacker 
    could send a specially crafted UDP datagram that will cause Squid 
    to crash. 

    Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 
    and earlier allows remote attackers to cause a denial of service (memory 

    The NTLM component in Squid 2.5.STABLE7 and earlier allows remote 
    attackers to cause a denial of service (crash) via a malformed NTLM 
    type 3 message. 
Ten years and still binary compatible.  -- XFree86 
Comment 1 Thomas Biege 2005-01-20 19:42:28 UTC
Comment 2 Thomas Biege 2005-01-20 20:02:12 UTC
Comment 3 Thomas Biege 2005-01-25 20:16:36 UTC
Hi Klaus, 
can you outline the current status please. 
Comment 4 Klaus Singvogel 2005-01-26 00:16:24 UTC
Working on it... 
I realized that I want to check whether we are also affected by bugzilla#49288 
in other SuLi versions... 
Comment 5 Klaus Singvogel 2005-01-26 02:12:12 UTC
BTW: I'm trying to fix these security issues as well (no CAN-# found), 
but some of these aren't very short and many changes have been made between 
SLES8 squid and current. :( 
Comment 6 Klaus Singvogel 2005-01-28 00:36:56 UTC
Submitted new packages. Here is an overview of the patches (best viewed with 
fixed font :-) 
                                         8.1   8.2   9.0   9.1   9.2 
CAN-2005-0094  gopher_html_parsing       o.k.  o.k.  o.k.  o.k.  o.k. 
CAN-2005-0095  wccp_denial_of_service    mod   o.k.  o.k.  o.k.  o.k. 
CAN-2005-0097  fakeauth_auth             n.a.  o.k.  o.k.  o.k.  o.k. 
CAN-2005-0096  fakeauth_auth             n.a.  o.k.  o.k.  o.k.  o.k. 
               ldap_spaces               mod   mod   mod   mod   o.k. 
               response_splitting        -     mod   mod   mod   o.k. 
               header_parsing            -     -     -     -     - 
n.a.: not affected = functionality missing in this version 
o.k.: upstream patch applied without any problems 
mod:  upstream patch needed modifications to get applied 
-:    major functionality missing, like the FD abstraction layer; 
      cannot apply this patch 
8.1 includes 8.1, SLES8, SLEC, UL, etc. 
9.1 includes 9.1, SLES9, SLD, etc. 
Security team: 
can you please handle the next steps of the update, like the SWAMP/patchinfo file? 
Testing team: 
I didn't test much, please take care. 
Comment 7 Thomas Biege 2005-01-28 17:00:01 UTC
Thanks Klaus. 
Comment 8 Thomas Biege 2005-01-28 18:04:50 UTC
`patchinfo-box.squid' -> `/work/src/done/PATCHINFO/patchinfo-box.squid' 
`patchinfo.squid' -> `/work/src/done/PATCHINFO/patchinfo.squid' 
Comment 9 Marcus Meissner 2005-01-28 22:35:40 UTC
>These issues were just reported to vendor-sec.                                  
OK.  I'm treating these as "not sufficiently public" so there isn't              
any information in the CANs themselves.                                          
>Sanity check usernames in squid_ldap_auth                                       
>LDAP is very forgiving about spaces in search filters and this could            
>be abused to log in using several variants of the login name, possibly          
>bypassing explicit access controls or confusing accounting                      
Use CAN-2005-0173                                                                
>Reject malformed HTTP requests and responses that conflict with the             
>HTTP specifications                                                             
>This patch makes Squid considerably stricter while parsing the HTTP             
If it just rejected malformed requests because they might be bad, I              
wouldn't normally assign a CAN.  However, some cache poisoning in                
Squid can happen as a result of the Content-Length issue, so:                    
Use CAN-2005-0174                                                                
>Strengthen Squid from HTTP response splitting cache pollution attack            
Use CAN-2005-0175                                                                
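
Added example (not part of the bug report and not Squid's own code): a C sketch of the username sanity check described for CAN-2005-0173 above. The ACL table, the function names and the space-trimming model of the directory side are assumptions made for illustration; the sample logins are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: an ACL that denies one login by exact string match. */
static const char *denied[] = { "alice" };

/* Exact-match lookup, as an access-control or accounting layer would do. */
int acl_denies(const char *login)
{
    for (size_t i = 0; i < sizeof denied / sizeof *denied; i++)
        if (strcmp(login, denied[i]) == 0)
            return 1;
    return 0;
}

/* Simplified model (assumption) of the forgiving directory side:
 * leading and trailing spaces are ignored when matching an entry. */
int directory_matches(const char *login, const char *entry)
{
    while (*login == ' ')
        login++;
    size_t n = strlen(login);
    while (n > 0 && login[n - 1] == ' ')
        n--;
    return n == strlen(entry) && strncmp(login, entry, n) == 0;
}

/* Sanity check run before the name is placed in a search filter:
 * reject empty names and any whitespace or control character. */
int username_is_sane(const char *login)
{
    if (login == NULL || *login == '\0')
        return 0;
    for (const unsigned char *p = (const unsigned char *)login; *p; p++)
        if (isspace(*p) || iscntrl(*p))
            return 0;
    return 1;
}

int main(void)
{
    const char *tries[] = { "alice", "alice ", " alice", "bob" };
    for (size_t i = 0; i < sizeof tries / sizeof *tries; i++)
        printf("[%s] acl_denies=%d directory=alice:%d sane=%d\n", tries[i],
               acl_denies(tries[i]), directory_matches(tries[i], "alice"),
               username_is_sane(tries[i]));
    return 0;
}
```

The padded variants miss the exact-match ACL while still resolving to the same directory entry under this model, which is the mismatch the sanity check closes by refusing them up front.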
Comment 10 Thomas Biege 2005-02-01 19:48:37 UTC
packages approved
Comment 11 Thomas Biege 2009-10-13 20:59:03 UTC
CVE-2005-0175: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)