CVE-2007-0247 - OpenCVE

squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Squid	Squid

Configuration 1 [-]

OR	cpe:2.3:a:squid:squid:2.6.stable1:::::::*
	cpe:2.3:a:squid:squid:2.6.stable2:::::::*
	cpe:2.3:a:squid:squid:2.6.stable3:::::::*
	cpe:2.3:a:squid:squid:2.6.stable4:::::::*
	cpe:2.3:a:squid:squid:2.6.stable5:::::::*
	cpe:2.3:a:squid:squid:2.6.stable6:::::::*

References

Link	Resource
http://fedoranews.org/cms/node/2442
http://osvdb.org/39839
http://secunia.com/advisories/23767	Vendor Advisory
http://secunia.com/advisories/23805	Vendor Advisory
http://secunia.com/advisories/23810	Vendor Advisory
http://secunia.com/advisories/23837	Vendor Advisory
http://secunia.com/advisories/23889	Vendor Advisory
http://secunia.com/advisories/23921	Vendor Advisory
http://secunia.com/advisories/23946	Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:026
http://www.novell.com/linux/security/advisories/2007_12_squid.html
http://www.securityfocus.com/bid/22079
http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12
http://www.squid-cache.org/bugs/show_bug.cgi?id=1857
http://www.trustix.org/errata/2007/0003/
http://www.ubuntu.com/usn/usn-414-1
http://www.vupen.com/english/advisories/2007/0199	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/31523

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-01-16T18:00:00

Updated: 2017-07-28T12:57:01

Reserved: 2007-01-16T00:00:00

Link: CVE-2007-0247

JSON object: View

NVD Information

Status : Modified

Published: 2007-01-16T18:28:00.000

Modified: 2017-07-29T01:30:04.640

Link: CVE-2007-0247

JSON object: View

Redhat Information

No data.

CWE

CWE-399

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-13T00:00:00", "descriptions": [{"lang": "en", "value": "squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1857"}, {"name": "23921", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23921"}, {"name": "23946", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23946"}, {"name": "22079", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22079"}, {"name": "ADV-2007-0199", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0199"}, {"name": "GLSA-200701-22", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"}, {"name": "23810", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23810"}, {"name": "SUSE-SA:2007:012", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"}, {"name": "MDKSA-2007:026", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"}, {"name": "2007-0003", "tags": ["vendor-advisory", "x_refsource_TRUSTIX"], "url": "http://www.trustix.org/errata/2007/0003/"}, {"name": "USN-414-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-414-1"}, {"name": "23837", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23837"}, {"name": "23805", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23805"}, {"name": "23767", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23767"}, {"name": "39839", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/39839"}, {"name": "FEDORA-2007-092", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://fedoranews.org/cms/node/2442"}, {"name": "23889", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23889"}, {"name": "squid-multiple-dos(31523)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31523"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0247", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12", "refsource": "CONFIRM", "url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"}, {"name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1857", "refsource": "CONFIRM", "url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1857"}, {"name": "23921", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23921"}, {"name": "23946", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23946"}, {"name": "22079", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22079"}, {"name": "ADV-2007-0199", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0199"}, {"name": "GLSA-200701-22", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"}, {"name": "23810", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23810"}, {"name": "SUSE-SA:2007:012", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"}, {"name": "MDKSA-2007:026", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"}, {"name": "2007-0003", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2007/0003/"}, {"name": "USN-414-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-414-1"}, {"name": "23837", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23837"}, {"name": "23805", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23805"}, {"name": "23767", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23767"}, {"name": "39839", "refsource": "OSVDB", "url": "http://osvdb.org/39839"}, {"name": "FEDORA-2007-092", "refsource": "FEDORA", "url": "http://fedoranews.org/cms/node/2442"}, {"name": "23889", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23889"}, {"name": "squid-multiple-dos(31523)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31523"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0247", "datePublished": "2007-01-16T18:00:00", "dateReserved": "2007-01-16T00:00:00", "dateUpdated": "2017-07-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:squid:squid:2.6.stable1:*:*:*:*:*:*:*", "matchCriteriaId": "24D590FB-2759-475E-8136-1B15352605EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:squid:squid:2.6.stable2:*:*:*:*:*:*:*", "matchCriteriaId": "2988AF48-979A-4CBC-90D9-83B364719E1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:squid:squid:2.6.stable3:*:*:*:*:*:*:*", "matchCriteriaId": "A212F82C-E64A-456F-BD37-58D6D10CF62A", "vulnerable": true}, {"criteria": "cpe:2.3:a:squid:squid:2.6.stable4:*:*:*:*:*:*:*", "matchCriteriaId": "2B3A370A-815C-49F9-8BDF-C87C615D160A", "vulnerable": true}, {"criteria": "cpe:2.3:a:squid:squid:2.6.stable5:*:*:*:*:*:*:*", "matchCriteriaId": "96EC5316-A83B-4EB5-BCF9-C3800D82F1DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:squid:squid:2.6.stable6:*:*:*:*:*:*:*", "matchCriteriaId": "0BD0D706-FDE4-43EB-9769-B2922BBDCDC8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions."}, {"lang": "es", "value": "El archivo squid/src/ftp.c en Squid versiones anteriores a 2.6.STABLE7, permite a los servidores FTP remotos causar una denegaci\u00f3n de servicio (volcado del n\u00facleo) por medio de respuestas de enumeraci\u00f3n de directorio FTP, posiblemente relacionadas con las funciones (1) ftpListingFinish y (2) ftpHtmlifyListEntry."}], "id": "CVE-2007-0247", "lastModified": "2017-07-29T01:30:04.640", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-01-16T18:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://fedoranews.org/cms/node/2442"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/39839"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23767"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23805"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23810"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23837"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23889"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23921"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23946"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22079"}, {"source": "cve@mitre.org", "url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"}, {"source": "cve@mitre.org", "url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1857"}, {"source": "cve@mitre.org", "url": "http://www.trustix.org/errata/2007/0003/"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-414-1"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/0199"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31523"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.\n\nThis issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.", "lastModified": "2007-07-26T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}