OpenBSD VuXML: Documenting security issues in the OpenBSD Ports & Packages Collection

squid -- multiple vulnerabilities

Affected packages
squid < 2.5.STABLE10

Details

VuXML ID cf9986f2-cd8d-11d9-a230-00065bd5b0b6
Discovery 2005-05-11
Entry 2005-05-25

The squid patches page notes:

Malicious users may spoof DNS lookups if the DNS client UDP port (random, assigned by OS at startup) is unfiltered and your network is not protected from IP spoofing.

This patch adds access controls to the cachemgr.cgi script, preventing it from being abused to reach other servers than allowed in a local configuration file.

References

CVE Name CAN-2005-1519
CVE Name CVE-1999-0710
URL http://secunia.com/advisories/15294
URL http://www.squid-cache.org/bugs/show_bug.cgi?id=1094
URL http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-cachemgr_conf
URL http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_reply