Debian Security Advisory

DSA-077-1 squid -- remote DoS

Date Reported:
24 Sep 2001
Affected Packages:
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 3354.
In Mitre's CVE dictionary: CVE-2001-0843.
More information:
Vladimir Ivaschenko found a problem in squid (a popular proxy cache). He discovered that there was a flaw in the code to handle FTP PUT commands: when a mkdir-only request was done squid would detect an internal error and exit. Since squid is configured to restart itself on problems this is not a big problem.

This has been fixed in version 2.2.5-3.2. This problem is logged as bug 233 in the squid bugtracker and will also be fixed in future squid releases.

Fixed in:

Debian GNU/Linux 2.2 (potato)

Intel IA-32:
Motorola 680x0:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.