The length argument of the WCCP recvfrom() call is larger than it should be. An attacker may send a larger-than-normal WCCP packet and overflow a buffer. The upstream patch for this issue can be found here: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_buffer_overflow.patch
This issue should affect RHEL2.
*** Bug 147696 has been marked as a duplicate of this bug. ***