Description
Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.
Product(s):
- Squid Squid
- Red Hat Linux 6.2 on Alpha
- Red Hat Linux 6.2 on i386
- Red Hat Linux 6.2 on SPARC
- Red Hat Linux 7.0 on Alpha
- Red Hat Linux 7.0 on i386
- Red Hat Linux 7.1 on Alpha
- Red Hat Linux 7.1 on i386
- Red Hat Linux 7.1 on IA64
- Red Hat Linux 7.2 on I386
- Red Hat Linux 7.2 on IA64
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2002-0068, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2002-0068 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.