Bug 166522
Summary: | CAN-2004-2480 squid access control bypass | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 4 | Reporter: | Josh Bressers <bressers> |
Component: | squid | Assignee: | Martin Stransky <stransky> |
Status: | CLOSED WORKSFORME | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | medium | ||
Version: | 4.0 | Keywords: | Security |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | impact=low,reported=20050821,public=20040510,source=cve | ||
Fixed In Version: | | Doc Type: | Bug Fix |
Last Closed: | 2005-08-29 09:59:37 UTC | Type: | --- |
Description
Josh Bressers
2005-08-22 20:17:40 UTC
This issue should also affect RHEL2.1 and RHEL3.

It was reported against 2.3 version and it seems to affect only this version. I can't reproduce it on 2.4 or 2.5 version, I'm going to investigate it more...

Martin, there is a bit more information and more links in the CVE id: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2480

I spent some time yesterday looking for this issue in upstream, but didn't find much. If it was fixed it was done in a non public manner.

I went through it too. It seems to me that this bug disappeared when upstream switched/rewrote code from 2.3 to 2.4, I spent today googling/searching and I haven't found anything relevant either. I wrote to original reporter and I'm going to test the archaic 2.3 version...

Unable to reproduce on the latest RHEL4, RHEL3, RHEL2.1, FC4 and FC3 + old squid 2.3.STABLE5. I tested it with Mozilla/Firefox/IE...

The original reporter hasn't replied and I can't reproduce it, so I'm closing it as WORKSFORME. Please reopen if you find more info...