CVE-2005-1519

Sažetak

Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups.

Reference

http://fedoranews.org/updates/FEDORA--.shtml
http://secunia.com/advisories/15294
http://www.debian.org/security/2005/dsa-751
http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html
http://www.redhat.com/support/errata/RHSA-2005-489.html
http://www.securityfocus.com/bid/13592
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query
http://www.vupen.com/english/advisories/2005/0521
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9976

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:P

Zadnje važnije ažuriranje

11-10-2017 - 01:30

Objavljeno

11-05-2005 - 04:00