Squid Proxy NULL URL Character Unauthorized Access Vulnerability

Bugtraq ID: 9778
Class: Input Validation Error
CVE: CVE-2004-0189
CVE-2004-0189
Remote: Yes
Local: No
Published: Mar 01 2004 12:00AM
Updated: Jul 12 2009 03:06AM
Credit: Discovery is credited to Mitch Adair.
Vulnerable: Turbolinux Turbolinux Workstation 8.0
Turbolinux Turbolinux Workstation 7.0
Turbolinux Turbolinux Server 8.0
Turbolinux Turbolinux Server 7.0
Turbolinux Appliance Server Workgroup Edition 1.0
Turbolinux Appliance Server Hosting Edition 1.0
Trustix Secure Linux 2.0
Trustix Secure Linux 1.5
Squid Web Proxy Cache 2.5 .STABLE4
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.0 AMD64
 + Mandriva Linux Mandrake 10.0
+ OpenPKG OpenPKG 2.0
+ OpenPKG OpenPKG Current
 Squid Web Proxy Cache 2.5 .STABLE3
+ Mandriva Linux Mandrake 9.2 amd64
 + Mandriva Linux Mandrake 9.2
+ OpenPKG OpenPKG 1.3
+ Red Hat Enterprise Linux AS 3
 + Red Hat Fedora Core1
 + RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
 + RedHat Enterprise Linux WS 3
 + S.u.S.E. Linux Personal 9.0 x86_64
 + S.u.S.E. Linux Personal 9.0
Squid Web Proxy Cache 2.5 .STABLE1
+ Mandriva Linux Mandrake 9.1 ppc
 + Mandriva Linux Mandrake 9.1
+ S.u.S.E. Linux Personal 8.2
Squid Web Proxy Cache 2.4 .STABLE7
+ MandrakeSoft Corporate Server 2.1 x86_64
 + MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Red Hat Enterprise Linux AS 2.1 IA64
 + Red Hat Enterprise Linux AS 2.1
 + RedHat Enterprise Linux ES 2.1 IA64
 + RedHat Enterprise Linux ES 2.1
 + RedHat Enterprise Linux WS 2.1 IA64
 + RedHat Enterprise Linux WS 2.1
 + RedHat Linux Advanced Work Station 2.1
Squid Web Proxy Cache 2.4 .STABLE6
+ Debian Linux 3.0 sparc
 + Debian Linux 3.0 s/390
 + Debian Linux 3.0 ppc
 + Debian Linux 3.0 mipsel
 + Debian Linux 3.0 mips
 + Debian Linux 3.0 m68k
 + Debian Linux 3.0 ia-64
 + Debian Linux 3.0 ia-32
 + Debian Linux 3.0 hppa
 + Debian Linux 3.0 arm
 + Debian Linux 3.0 alpha
 + Debian Linux 3.0
Squid Web Proxy Cache 2.4 .STABLE2
Squid Web Proxy Cache 2.4
+ Debian Linux 3.0 sparc
 + Debian Linux 3.0 s/390
 + Debian Linux 3.0 ppc
 + Debian Linux 3.0 mipsel
 + Debian Linux 3.0 mips
 + Debian Linux 3.0 m68k
 + Debian Linux 3.0 ia-64
 + Debian Linux 3.0 ia-32
 + Debian Linux 3.0 hppa
 + Debian Linux 3.0 arm
 + Debian Linux 3.0 alpha
 + Debian Linux 3.0
Squid Web Proxy Cache 2.3 .STABLE5
Squid Web Proxy Cache 2.3 .STABLE4
Squid Web Proxy Cache 2.1 PATCH2
Squid Web Proxy Cache 2.0 PATCH2
SGI ProPack 3.0
SGI ProPack 2.4
SGI ProPack 2.3
SCO Unixware 7.1.4
SCO Open Server 5.0.7
SCO Open Server 5.0.6
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1
Gentoo Linux 1.4 _rc3
Gentoo Linux 1.4 _rc2
Gentoo Linux 1.4 _rc1
Gentoo Linux 1.4
Gentoo Linux 1.2
Gentoo Linux 1.1 a
Gentoo Linux 0.7
Gentoo Linux 0.5
Conectiva Linux 9.0
Conectiva Linux 8.0
Not Vulnerable: Squid Web Proxy Cache 2.5 .STABLE5
+ Conectiva Linux 10.0
+ Conectiva Linux 9.0
+ S.u.S.E. Linux Personal 9.1 x86_64
 + S.u.S.E. Linux Personal 9.1
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
+ Ubuntu Ubuntu Linux 4.1 ppc
 + Ubuntu Ubuntu Linux 4.1 ia64
 + Ubuntu Ubuntu Linux 4.1 ia32


 

Privacy Statement
Copyright 2010, SecurityFocus