CVE-2005-1519

Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query	Patch
http://secunia.com/advisories/15294	Patch
http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html
http://www.debian.org/security/2005/dsa-751
http://fedoranews.org/updates/FEDORA--.shtml
http://www.securityfocus.com/bid/13592
http://www.redhat.com/support/errata/RHSA-2005-489.html
http://www.vupen.com/english/advisories/2005/0521
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9976

Configurations

Configuration 1 (hide)

cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*

Information

Published : 2005-05-10 21:00

Updated : 2017-10-10 18:30

NVD link : CVE-2005-1519

Mitre link : CVE-2005-1519

JSON object : View

CWE

NVD-CWE-Other

Products Affected

squid

squid

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query", "name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/15294", "name": "15294", "tags": ["Patch"], "refsource": "SECUNIA"}, {"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html", "name": "FEDORA-2005-373", "tags": [], "refsource": "FEDORA"}, {"url": "http://www.debian.org/security/2005/dsa-751", "name": "DSA-751", "tags": [], "refsource": "DEBIAN"}, {"url": "http://fedoranews.org/updates/FEDORA--.shtml", "name": "FLSA-2006:152809", "tags": [], "refsource": "FEDORA"}, {"url": "http://www.securityfocus.com/bid/13592", "name": "13592", "tags": [], "refsource": "BID"}, {"url": "http://www.redhat.com/support/errata/RHSA-2005-489.html", "name": "RHSA-2005:489", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.vupen.com/english/advisories/2005/0521", "name": "ADV-2005-0521", "tags": [], "refsource": "VUPEN"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9976", "name": "oval:org.mitre.oval:def:9976", "tags": [], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-1519", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-05-11T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.5_stable9"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-11T01:30Z"}

6.4 /10