Multiple Squid cache proxy security vulnerability
Published:		17.01.2007
Source:		BUGTRAQ
SecurityVulns ID:		7061
Type:		remote
Level:		6/10
Description:		external_acl queue infinite loop, FTP client code DoS on parsing FTP server listing.

Affected:		SQUID : squid 2.6
CVE:		CVE-2007-0248 (The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop.)
		CVE-2007-0247 (squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions.)

Discuss:

Read or add your comments to this news (0 comments)