• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Squid HTCP Runtime Configuration Vulnerability

Bugtraq ID:	4150
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 21 2002 12:00AM
Updated:	Feb 21 2002 12:00AM
Credit:	Credited to Jouko Pynnonen <jouko@solutions.fi> and Henrik Nordstrom <hno@squid-cache.org>.
Vulnerable:	National Science Foundation Squid Web Proxy 2.4 STABLE3 - Conectiva Linux 7.0 National Science Foundation Squid Web Proxy 2.4 STABLE2 + Caldera OpenLinux Server 3.1.1 + Caldera OpenServer 5.0.6 - Conectiva Linux 7.0 National Science Foundation Squid Web Proxy 2.4 STABLE1 + Conectiva Linux 8.0 + Conectiva Linux 7.0 + Conectiva Linux 6.0 + HP Secure OS software for Linux 1.0 + MandrakeSoft Corporate Server 1.0.1 + MandrakeSoft Linux Mandrake 8.0 ppc + MandrakeSoft Linux Mandrake 8.0 + MandrakeSoft Linux Mandrake 7.2 + MandrakeSoft Linux Mandrake 7.1 + MandrakeSoft Single Network Firewall 7.2 + RedHat Linux 7.2 - S.u.S.E. Linux 7.2 National Science Foundation Squid Web Proxy 2.4 + FreeBSD FreeBSD 5.0 + FreeBSD FreeBSD 4.5 + FreeBSD FreeBSD 4.4 + Trustix Secure Linux 1.5 + Trustix Secure Linux 1.2 + Trustix Secure Linux 1.1 National Science Foundation Squid Web Proxy 2.3.1 - Conectiva Linux 6.0 - Conectiva Linux 5.1 - Conectiva Linux 5.0 - Conectiva Linux graficas - Conectiva Linux ecommerce National Science Foundation Squid Web Proxy 2.3 + RedHat Linux 7.1 ia64 + RedHat Linux 7.1 i386 + RedHat Linux 7.1 alpha + RedHat Linux 7.0 i386 + RedHat Linux 7.0 alpha + RedHat Linux 6.2 sparc + RedHat Linux 6.2 i386 + RedHat Linux 6.2 alpha + S.u.S.E. Linux 7.3 sparc + S.u.S.E. Linux 7.3 ppc + S.u.S.E. Linux 7.3 i386 + S.u.S.E. Linux 7.2 i386 + S.u.S.E. Linux 7.1 x86 + S.u.S.E. Linux 7.1 sparc + S.u.S.E. Linux 7.1 ppc + S.u.S.E. Linux 7.1 alpha + S.u.S.E. Linux 7.0 sparc + S.u.S.E. Linux 7.0 ppc + S.u.S.E. Linux 7.0 i386 + S.u.S.E. Linux 7.0 alpha + S.u.S.E. Linux 6.4 ppc + S.u.S.E. Linux 6.4 i386 + S.u.S.E. Linux 6.4 alpha + SCO Open Server 5.0.6 a + SCO Open Server 5.0.6 + SCO Open Server 5.0.5 + SCO Open Server 5.0.4 + SCO Open Server 5.0.3 + SCO Open Server 5.0.2 + SCO Open Server 5.0.1 + SCO Open Server 5.0 National Science Foundation Squid Web Proxy 2.2 - RedHat Linux 6.0 sparc - RedHat Linux 6.0 alpha - RedHat Linux 6.0 - RedHat Linux 5.2 sparc - RedHat Linux 5.2 i386 - RedHat Linux 5.2 alpha National Science Foundation Squid Web Proxy 2.1 National Science Foundation Squid Web Proxy 2.0
Not Vulnerable:	National Science Foundation Squid Web Proxy 2.4 STABLE4 - MandrakeSoft Corporate Server 1.0.1 - MandrakeSoft Linux Mandrake 8.2 - MandrakeSoft Linux Mandrake 8.1 ia64 - MandrakeSoft Linux Mandrake 8.1 - MandrakeSoft Linux Mandrake 8.0 ppc - MandrakeSoft Linux Mandrake 8.0 - MandrakeSoft Linux Mandrake 7.2 - MandrakeSoft Linux Mandrake 7.1 - MandrakeSoft Single Network Firewall 7.2