Caldera CSSA-2002-010.0 - ftp vulnerability in squid

by Nikola Strahija on March 31st, 2002

If certain constructed ftp:// style URLs are received, squid crashes, causing a denial of service and possibly remote execution of code.


Caldera International, Inc. Security Advisory

Subject: Linux: ftp vulnerability in squid
Advisory number: CSSA-2002-010.0
Issue date: 2002, March 18
Cross reference:
______________________________________________________________________________


1. Problem Description

If certain constructed ftp:// style URLs are received, then squid
crashes, causing a denial of service and possibly remote execution of
code.


2. Vulnerable Supported Versions

System                         Package
-----------------------------------------------------------
OpenLinux Server 3.1           All packages previous to
                               squid-2.4.STABLE2-3

OpenLinux Workstation 3.1      All packages previous to
                               squid-2.4.STABLE2-3

OpenLinux Server 3.1.1         All packages previous to
                               squid-2.4.STABLE2-3

OpenLinux Workstation 3.1.1    All packages previous to
                               squid-2.4.STABLE2-3



3. Solution

Workaround

none

The proper solution is to upgrade to the latest packages.


4. OpenLinux 3.1 Server

4.1 Location of Fixed Packages

The 3.1 version of this package is not yet available. An updated
advisory will be published when the package is released.


5. OpenLinux 3.1 Workstation

5.1 Location of Fixed Packages

The 3.1 version of this package is not yet available. An updated
advisory will be published when the package is released.


6. OpenLinux 3.1.1 Server

6.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

The corresponding source code package can be found at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

6.2 Verification

29ca65972c56e9a35a2181ce75bf23a2 RPMS/squid-2.4.STABLE2-3.i386.rpm
863ac8d6f199d9ebec518f85a6811026 SRPMS/squid-2.4.STABLE2-3.src.rpm


6.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -Fvh squid-2.4.STABLE2-3.i386.rpm


7. OpenLinux 3.1.1 Workstation

7.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

The corresponding source code package can be found at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

7.2 Verification

29ca65972c56e9a35a2181ce75bf23a2 RPMS/squid-2.4.STABLE2-3.i386.rpm
863ac8d6f199d9ebec518f85a6811026 SRPMS/squid-2.4.STABLE2-3.src.rpm


7.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -Fvh squid-2.4.STABLE2-3.i386.rpm



8. References

Specific references for this advisory:

none


Caldera OpenLinux security resources:

http://www.caldera.com/support/security/index.html

Caldera UNIX security resources:

http://stage.caldera.com/support/security/



This security fix closes Caldera incidents sr860954, fz520237,
erg711971.


9. Disclaimer

Caldera International, Inc. is not responsible for the misuse of
any of the information we provide on this website and/or through
our security advisories. Our advisories are a service to our
customers intended to promote secure installation and use of
Caldera International products.


10. Acknowledgements

The ftp vulnerability was discovered by Jouko Pynnonen.

