Search

published date: March 8, 2002

CVE-2002-0068 : Denial of Service Vulnerability

Description

Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.

Product(s):

  • Squid Squid
  • Red Hat Linux 6.2 on Alpha
  • Red Hat Linux 6.2 on i386
  • Red Hat Linux 6.2 on SPARC
  • Red Hat Linux 7.0 on Alpha
  • Red Hat Linux 7.0 on i386

Question to Ask Vendors:

  1. Can you confirm whether your systems are affected by CVE-2002-0068, and if so, what steps are you currently taking to mitigate this vulnerability?
  2. What is your estimated timeline for fully resolving CVE-2002-0068 in your products or services, and how will you communicate updates on this issue to us as your customer?

READY TO GET RESULTS YOU CAN TRUST?