CVE-2004-0918

The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923
http://fedoranews.org/updates/FEDORA--.shtml
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://marc.info/?l=bugtraq&m=109913064629327&w=2
http://secunia.com/advisories/30914	Vendor Advisory
http://secunia.com/advisories/30967	Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200410-15.xml
http://www.idefense.com/application/poi/display?id=152&type=vulnerabilities&flashstatus=false
http://www.redhat.com/support/errata/RHSA-2004-591.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/11385	Patch Vendor Advisory
http://www.squid-cache.org/Advisories/SQUID-2004_3.txt
http://www.squid-cache.org/Advisories/SQUID-2008_1.txt
http://www.vupen.com/english/advisories/2008/1969/references	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17688
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10931
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00122.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:openpkg:openpkg:2.1:::::::*
	cpe:2.3:a:openpkg:openpkg:2.2:::::::*
	cpe:2.3:a:openpkg:openpkg:current:::::::*
	cpe:2.3:a:squid:squid:2.0_patch2:::::::*
	cpe:2.3:a:squid:squid:2.1_patch2:::::::*
	cpe:2.3:a:squid:squid:2.3_.stable4:::::::*
	cpe:2.3:a:squid:squid:2.3_.stable5:::::::*
	cpe:2.3:a:squid:squid:2.4:::::::*
	cpe:2.3:a:squid:squid:2.4_.stable2:::::::*
	cpe:2.3:a:squid:squid:2.4_.stable6:::::::*
	cpe:2.3:a:squid:squid:2.4_.stable7:::::::*
	cpe:2.3:a:squid:squid:2.5_.stable1:::::::*
	cpe:2.3:a:squid:squid:2.5_.stable3:::::::*
	cpe:2.3:a:squid:squid:2.5_.stable4:::::::*
	cpe:2.3:a:squid:squid:2.5_.stable5:::::::*
	cpe:2.3:a:squid:squid:2.5_.stable6:::::::*
	cpe:2.3:a:squid:squid:3.0_pre1:::::::*
	cpe:2.3:a:squid:squid:3.0_pre2:::::::*
	cpe:2.3:a:squid:squid:3.0_pre3:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:gentoo:linux::::::::
	cpe:2.3:o:redhat:fedora_core:core_2.0:::::::*
	cpe:2.3:o:trustix:secure_linux:1.5:::::::*
	cpe:2.3:o:trustix:secure_linux:2.0:::::::*
	cpe:2.3:o:trustix:secure_linux:2.1:::::::*
	cpe:2.3:o:ubuntu:ubuntu_linux:4.1::ia64:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:4.1::ppc:::::

History

No history.

Information

Published : 2005-01-27 05:00

Updated : 2017-10-11 01:29

NVD link : CVE-2004-0918

Mitre link : CVE-2004-0918

CVE.ORG link : CVE-2004-0918

JSON object : View

Products Affected

ubuntu

ubuntu_linux

openpkg

openpkg

redhat

fedora_core

squid

squid

trustix

secure_linux

gentoo

linux

CWE

CWE-399

Resource Management Errors

{"id": "CVE-2004-0918", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-01-27T05:00:00.000", "references": [{"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt", "source": "cve@mitre.org"}, {"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923", "source": "cve@mitre.org"}, {"url": "http://fedoranews.org/updates/FEDORA--.shtml", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=109913064629327&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30914", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30967", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-15.xml", "source": "cve@mitre.org"}, {"url": "http://www.idefense.com/application/poi/display?id=152&type=vulnerabilities&flashstatus=false", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2004-591.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/11385", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.squid-cache.org/Advisories/SQUID-2004_3.txt", "source": "cve@mitre.org"}, {"url": "http://www.squid-cache.org/Advisories/SQUID-2008_1.txt", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/1969/references", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17688", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10931", "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00122.html", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error."}], "lastModified": "2017-10-11T01:29:37.733", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openpkg:openpkg:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37042CDE-E4FE-442E-891A-CD84433D36E2"}, {"criteria": "cpe:2.3:a:openpkg:openpkg:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11F6E348-01DF-4FA4-808E-39A2A7A2B97B"}, {"criteria": "cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D342447B-5233-45FD-B1CF-8D84921402AD"}, {"criteria": "cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0AA7680-E004-44AC-9AE9-C0186459C4B4"}, {"criteria": "cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05A4829D-4DC1-4CD2-B136-48719A254EA9"}, {"criteria": "cpe:2.3:a:squid:squid:2.3_.stable4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A6BFB6A-0AFC-4E52-AD48-252E741B683B"}, {"criteria": "cpe:2.3:a:squid:squid:2.3_.stable5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9797A37-FD26-4527-B2FA-E458F7A88D9B"}, {"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A"}, {"criteria": "cpe:2.3:a:squid:squid:2.4_.stable2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8F697BB-5C94-42CD-AD9E-72C3D3675D27"}, {"criteria": "cpe:2.3:a:squid:squid:2.4_.stable6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE764CDC-1018-4502-8F41-8A48E38E7AAF"}, {"criteria": "cpe:2.3:a:squid:squid:2.4_.stable7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CBAAC5B-6012-410F-B765-689A8D55B095"}, {"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13"}, {"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C"}, {"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F"}, {"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55"}, {"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3"}, {"criteria": "cpe:2.3:a:squid:squid:3.0_pre1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF89643B-169C-4ECD-B905-F4FE7F37030D"}, {"criteria": "cpe:2.3:a:squid:squid:3.0_pre2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "631B754D-1EB0-4A64-819A-5A24E7D0ADFD"}, {"criteria": "cpe:2.3:a:squid:squid:3.0_pre3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95AB69CF-AD54-4D30-A9C5-4253855A760F"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E"}, {"criteria": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6996B14-925B-46B8-982F-3545328B506B"}, {"criteria": "cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39605B96-BAD6-45C9-BB9A-43D6E2C51ADD"}, {"criteria": "cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53AF1A2D-B0A2-4097-AD1D-DF3AF27171BA"}, {"criteria": "cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A67735E5-E43E-4164-BDB2-ADC6E0288E9F"}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E94583A-5184-462E-9FC4-57B35DA06DA7"}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E905FAAD-37B6-4DD0-A752-2974F8336273"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

5.0 /10