Bug 222883 – CVE-2007-0247 Squid crashes when receiving certain FTP listings

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 222883 - (CVE-2007-0247) CVE-2007-0247 Squid crashes when receiving certain FTP listings

Summary:	CVE-2007-0247 Squid crashes when receiving certain FTP listings

Status:	CLOSED ERRATA

Aliases:	CVE-2007-0247

Product:	Fedora
Classification:	Fedora
Component:	squid (Show other bugs)
Sub Component:
Version:	6
Hardware:	All Linux

Priority	high Severity high
Target Milestone:	---
Target Release:	---
Assigned To:	Martin Stransky
QA Contact:
Docs Contact:

URL:	http://www.squid-cache.org/bugs/show_...
Whiteboard:	impact=important,source=gentoo,report...
Keywords:	Security

Depends On:
Blocks:	222884
	Show dependency tree / graph

Reported:	2007-01-16 13:29 EST by Lubomir Kundrak
Modified:	2007-11-30 17:11 EST (History)
CC List:	0 users

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2007-01-17 04:21:28 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Upstream patch for Squid FTP triggered DoS #1857 (1.26 KB, patch) 2007-01-16 13:29 EST, Lubomir Kundrak	no flags	Details \| Diff
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Lubomir Kundrak 2007-01-16 13:29:37 EST

Description of problem:

Visiting this [1] URL makes Squid die upon receival of SIGSEGV Signal.
[1] ftp://ftp.debian.org/pub/debian/dists/sid/main/binary-hurd-i386;type=d

Version-Release number of selected component (if applicable):

Seems to be introduced with 2.5.STABLE11, so does affect
Fedora 5 and 6 and RHEL 5.

Additional info:

Fixed in 2.6.STABLE11.
See the upstream bug report [2] for patch.
[2] http://www.squid-cache.org/bugs/show_bug.cgi?id=1857

Comment 1 Lubomir Kundrak 2007-01-16 13:29:37 EST

Created attachment 145712 [details]
Upstream patch for Squid FTP triggered DoS #1857

Comment 2 Martin Stransky 2007-01-17 04:21:28 EST

fixed in squid-2.6.STABLE7-1.fc6

Comment 3 Fedora Update System 2007-01-17 11:32:03 EST

squid-2.5.STABLE14-3.FC5 has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.

Comment 4 Josh Bressers 2007-01-21 16:58:57 EST

Martin,

I've not seen the fc6 update for this.  Are you planning to wait before pushing it?

Comment 5 Martin Stransky 2007-01-22 03:50:30 EST

It's here:

https://porkchop.devel.redhat.com/fedora-updates/show.py?pkg=squid-2.6.STABLE7-1.fc6&update=Final

Note You need to log in before you can comment on or make changes to this bug.