漏洞信息详情
Squid FTP代理数据通道漏洞
- CNNVD编号:CNNVD-200207-090
- 危害等级: 高危
![图片[1]-Squid FTP代理数据通道漏洞-一一网](https://www.proyy.com/skycj/data/images/2021-04-26/bbdd3e8868c10d22861b2275d65f4500.png)
- CVE编号:
CVE-2002-0714
- 漏洞类型:
设计错误
- 发布时间:
2002-07-26
- 威胁类型:
远程
- 更新时间:
2005-05-02
- 厂 商:
squid - 漏洞来源:
Discovery credited… -
漏洞简介
Squid 2.4.STABLE6之前版本的FTP代理不比较控件的IP地址以及与FTP服务器有关的数据,远程攻击者可以绕过防火墙规则或欺骗FTP服务器响应。
漏洞公告
Sanity checks have been introduced into Squid as a default configuration option. The checks will prevent any attempt to carry out these attacks. If support for different control/data addresses is required, disabling the ftp_sanitycheck directive will remove the sanity checking.
FreeBSD has released a Security Notice FreeBSD-SN-02:05. Users of FreeBSD systems are strongly urged to upgrade their ports tree to fix various reported issues. Further information can be found in the referenced Security Notice.
Updated packages are available.
National Science Foundation Squid Web Proxy 2.2
-
National Science Foundation squid-2.4.STABLE7-src.tar.gz
ftp://ftp.squid-cache.org/pub/squid-2/STABLE/squid-2.4.STABLE7-src.tar
.gz
National Science Foundation Squid Web Proxy 2.2 STABLE5
-
National Science Foundation squid-2.4.STABLE7-src.tar.gz
ftp://ftp.squid-cache.org/pub/squid-2/STABLE/squid-2.4.STABLE7-src.tar
.gz -
SuSE squid-2.3.STABLE4-162.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/squid-2.3.STABLE4-162.i
386.rpm -
SuSE squid-2.3.STABLE4-162.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/squid-2.3.STABLE4-162.i
386.rpm -
SuSE squid-2.4.STABLE6-2.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/squid-2.4.STABLE6-2.i38
6.rpm -
SuSE squid-2.4.STABLE6-9.i386.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/squid-2.4.STABLE6-9.i38
6.patch.rpm -
SuSE squid-2.4.STABLE6-9.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/squid-2.4.STABLE6-9.i38
6.rpm -
SuSE squid-beta-2.4.STABLE1-105.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/squid-beta-2.4.STABLE1-
105.i386.rpm -
SuSE squid-beta-2.4.STABLE2-99.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/squid-beta-2.4.STABLE2-
99.i386.rpm -
SuSE squid2-2.2.STABLE5-223.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/squid2-2.2.STABLE5-223.
i386.rpm -
SuSE squid2-2.2.STABLE5-223.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/squid2-2.2.STABLE5-223.
i386.rpm -
SuSE squid2-2.2.STABLE5-224.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/squid2-2.2.STABLE5-224.
i386.rpm -
SuSE squid23-2.3.STABLE4-81.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/squid23-2.3.STABLE4-81.
i386.rpm -
SuSE squid23-2.3.STABLE4-81.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/squid23-2.3.STABLE4-81.
i386.rpm -
SuSE squid23-2.3.STABLE4-82.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/squid23-2.3.STABLE4-82.
i386.rpm
National Science Foundation Squid Web Proxy 2.3 STABLE3
-
National Science Foundation squid-2.4.STABLE7-src.tar.gz
ftp://ftp.squid-cache.org/pub/squid-2/STABLE/squid-2.4.STABLE7-src.tar
.gz
National Science Foundation Squid Web Proxy 2.3 STABLE4
-
National Science Foundation squid-2.4.STABLE7-src.tar.gz
ftp://ftp.squid-cache.org/pub/squid-2/STABLE/squid-2.4.STABLE7-src.tar
.gz -
Red Hat squid-2.4.STABLE6-6.6.2.alpha.rpmRed Hat Linux 6.2 Alpha.
ftp://updates.redhat.com/6.2/en/os/alpha/squid-2.4.STABLE6-6.6.2.alpha
.rpm -
Red Hat squid-2.4.STABLE6-6.6.2.i386.rpmRed Hat Linux 6.2 i386.
ftp://updates.redhat.com/6.2/en/os/i386/squid-2.4.STABLE6-6.6.2.i386.r
pm -
Red Hat squid-2.4.STABLE6-6.6.2.sparc.rpmRed Hat Linux 6.2 sparc.
ftp://updates.redhat.com/6.2/en/os/sparc/squid-2.4.STABLE6-6.6.2.sparc
.rpm -
Red Hat squid-2.4.STABLE6-6.6.2.src.rpmRed Hat Linux 6.2 source RPM.
ftp://updates.redhat.com/6.2/en/os/SRPMS/squid-2.4.STABLE6-6.6.2.src.r
pm -
Red Hat squid-2.4.STABLE6-6.7.0.alpha.rpmRed Hat Linux 7.0 Alpha.
ftp://updates.redhat.com/7.0/en/os/alpha/squid-2.4.STABLE6-6.7.0.alpha
.rpm -
Red Hat squid-2.4.STABLE6-6.7.0.i386.rpmRed Hat Linux 7.0 i386.
ftp://updates.redhat.com/7.0/en/os/i386/squid-2.4.STABLE6-6.7.0.i386.r
pm -
Red Hat squid-2.4.STABLE6-6.7.0.src.rpmRed Hat Linux 7.0 source RPM.
ftp://updates.redhat.com/7.0/en/os/SRPMS/squid-2.4.STABLE6-6.7.0.src.r
pm -
Red Hat squid-2.4.STABLE6-6.7.1.alpha.rpmRed Hat Linux 7.1 Alpha.
ftp://updates.redhat.com/7.1/en/os/alpha/squid-2.4.STABLE6-6.7.1.alpha
.rpm -
Red Hat squid-2.4.STABLE6-6.7.1.i386.rpmRed Hat Linux 7.1 i386.
ftp://updates.redhat.com/7.1/en/os/i386/squid-2.4.STABLE6-6.7.1.i386.r
pm -
Red Hat squid-2.4.STABLE6-6.7.1.src.rpmRed Hat Linux 7.1 source RPM.
ftp://updates.redhat.com/7.1/en/os/SRPMS/squid-2.4.STABLE6-6.7.1.src.r
pm -
Red Hat squid-2.4.STABLE6-6.7.3.i386.rpmRed Hat Linux 7.2 i386.
ftp://updates.redhat.com/7.2/en/os/i386/squid-2.4.STABLE6-6.7.3.i386.r
pm -
Red Hat squid-2.4.STABLE6-6.7.3.i386.rpmRed Hat Linux 7.3 i386.
ftp://updates.redhat.com/7.3/en/os/i386/squid-2.4.STABLE6-6.7.3.i386.r
pm
<
参考网址
来源: www.squid-cache.org
链接:http://www.squid-cache.org/Versions/v2/2.4/bugs/
来源: www.squid-cache.org
链接:http://www.squid-cache.org/Advisories/SQUID-2002_3.txt
来源: MANDRAKE
名称: MDKSA-2002:044
链接:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php
来源: REDHAT
名称: RHSA-2002:130
链接:http://rhn.redhat.com/errata/RHSA-2002-130.html
来源: BUGTRAQ
名称: 20020715 TSLSA-2002-0062 – squid
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=102674543407606&w=2
来源: BID
名称: 5158
链接:http://www.securityfocus.com/bid/5158
来源: OSVDB
名称: 5924
链接:http://www.osvdb.org/5924
来源: XF
名称: squid-ftp-data-injection(9479)
链接:http://www.iss.net/security_center/static/9479.php
来源: REDHAT
名称: RHSA-2002:051
链接:http://rhn.redhat.com/errata/RHSA-2002-051.html
来源: CONECTIVA
名称: CLA-2002:506
链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000506
来源: CALDERA
名称: CSSA-2002-046.0
链接:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt
![[桜井宁宁]COS和泉纱雾超可爱写真福利集-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/4d3cf227a85d7e79f5d6b4efb6bde3e8.jpg)
![[桜井宁宁] 爆乳奶牛少女cos写真-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/d40483e126fcf567894e89c65eaca655.jpg)
