exploit the possibilities
Showing 1 - 3 of 3 RSS Feed

CVE-2007-0247

Status Candidate

Overview

squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions.

Related Files

Ubuntu Security Notice 414-1
Posted Jan 27, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 414-1 - David Duncan Ross Palmer and Henrik Nordstrom discovered that squid incorrectly handled special characters in FTP URLs. Remote users with access to squid could crash the server leading to a denial of service. Erick Dantas Rotole and Henrik Nordstrom discovered that squid could end up in an endless loop when exhausted of available external ACL helpers. Remote users with access to squid could cause CPU starvation, possibly leading to a denial of service. This does not affect a default Ubuntu installation, since external ACL helpers must be configured and used.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2007-0247, CVE-2007-0248
MD5 | 6fc3f283654dd2781fc2b61734798aa0
Mandriva Linux Security Advisory 2007.026
Posted Jan 24, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A vulnerability in squid was discovered that could be remotely exploited by using a special ftp:// URL. Another Denial of Service vulnerability was discovered in squid 2.6 that allows remote attackers to crash the server by causing an external_acl_queue overload. Additionally, a bug in squid 2.6 for max_user_ip handling in ntlm_auth has been corrected.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2007-0247, CVE-2007-0248
MD5 | 0991f5bc1631bd1bb6346665338731d8
SUSE-SA-2007-012.txt
Posted Jan 24, 2007
Site suse.com

SUSE Security Announcement - This update fixes a remotely exploitable denial-of-service bug in squid that can be triggered by using special ftp:// URLs. Additionally the 10.2 package needed a fix for another DoS bug and for max_user_ip handling in ntlm_auth.

tags | advisory
systems | linux, suse
advisories | CVE-2007-0247, CVE-2007-0248
MD5 | 1a75a6823f4c2dac88eca047c2e5e9a3
Page 1 of 1
Back1Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    12 Files
  • 4
    Jul 4th
    1 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    25 Files
  • 7
    Jul 7th
    35 Files
  • 8
    Jul 8th
    4 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close