Executive Summary
Summary | |
---|---|
Title | New PostgreSQL packages fix arbitrary library loading |
Informations | |||
---|---|---|---|
Name | DSA-667 | First vendor Publication | 2005-02-04 |
Vendor | Debian | Last vendor Modification | 2005-02-04 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
John Heasman and others discovered a bug in the PostgreSQL engine which would allow any user load an arbitrary local library into it. For the stable distribution (woody) this problem has been fixed in version 7.2.1-2woody7. For the unstable distribution (sid) this problem has been fixed in version 7.4.7-1. We recommend that you upgrade your postgresql packages. |
Original Source
Url : http://www.debian.org/security/2005/dsa-667 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10251 | |||
Oval ID: | oval:org.mitre.oval:def:10251 | ||
Title: | The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference. | ||
Description: | squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0173 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11605 | |||
Oval ID: | oval:org.mitre.oval:def:11605 | ||
Title: | Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack. | ||
Description: | Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0175 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9573 | |||
Oval ID: | oval:org.mitre.oval:def:9573 | ||
Title: | Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack. | ||
Description: | Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0211 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for squid File : nvt/sles9p5015273.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200501-25 (squid) File : nvt/glsa_200501_25.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200502-04 (squid) File : nvt/glsa_200502_04.nasl |
2008-09-04 | Name : FreeBSD Ports: squid File : nvt/freebsd_squid1.nasl |
2008-09-04 | Name : FreeBSD Ports: squid File : nvt/freebsd_squid3.nasl |
2008-09-04 | Name : FreeBSD Ports: squid File : nvt/freebsd_squid4.nasl |
2008-09-04 | Name : FreeBSD Ports: squid File : nvt/freebsd_squid7.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 667-1 (postgresql) File : nvt/deb_667_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
13346 | Squid HTTP Response Splitting Cache Poisoning |
13319 | Squid WCCP recvfrom() Function Overflow |
13054 | Squid LDAP Proxy Username Whitespace Login Bypass Squid contains a flaw that may allow a malicious user to bypass access controls. The issue is triggered when a user adds spaces as padding around the username, when Squid authenticates against LDAP. It is possible that the flaw may allow circumvention of access controls resulting in a loss of integrity. |
12633 | Squid Empty ACL Configuration Confusion |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Squid proxy long WCCP packet RuleID : 12222 - Revision : 8 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-84-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-77-1.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_23fb5a04722b11d99e1ec296ac722cb3.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_4e4bd2c26bd511d99e1ec296ac722cb3.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_7a921e9e68b111d99e1ec296ac722cb3.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_a30e5e44544011d99e1ec296ac722cb3.nasl - Type : ACT_GATHER_INFO |
2005-05-19 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-373.nasl - Type : ACT_GATHER_INFO |
2005-05-02 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2005-078.nasl - Type : ACT_GATHER_INFO |
2005-02-22 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-060.nasl - Type : ACT_GATHER_INFO |
2005-02-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200502-04.nasl - Type : ACT_GATHER_INFO |
2005-02-14 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-061.nasl - Type : ACT_GATHER_INFO |
2005-02-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200501-25.nasl - Type : ACT_GATHER_INFO |
2005-02-11 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2005-034.nasl - Type : ACT_GATHER_INFO |
2005-02-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-667.nasl - Type : ACT_GATHER_INFO |
2005-02-10 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_006.nasl - Type : ACT_GATHER_INFO |
2005-02-02 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-106.nasl - Type : ACT_GATHER_INFO |
2005-02-02 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-105.nasl - Type : ACT_GATHER_INFO |
2005-01-18 | Name : The remote proxy server is affected by multiple vulnerabilities. File : squid_wccp_and_gopher_flaws.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:33:51 |
|