oss-sec mailing list archives
Re: squid 3.x vulnerabilities
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 28 Jul 2009 13:40:20 -0400 (EDT)
Two CVEs were assigned given strong indications of different types of
problems.

- Steve

======================================================
Name: CVE-2009-2621
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2621
Acknowledged: yes advisory
Announced: 20090727
Flaw: undiag
Reference: CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2009_2.txt
Reference: CONFIRM:http://www.squid-cache.org/Versions/v3/3.1/changesets/b9654.patch

Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not
properly enforce "buffer limits and related bound checks," which
allows remote attackers to cause a denial of service via (1) an
incomplete request or (2) a request with a large header size, related
to (a) HttpMsg.cc and (b) client_side.cc.

Analysis:
ACCURACY: some specifics were inferred from b9654.patch, especially
the debug statements that were added.
ACKNOWLEDGEMENT: SQUID-2009:2 says "Due to incorrect buffer limits and
related bound checks Squid is vulnerable to a denial of service attack
when processing specially crafted requests or responses."

======================================================
Name: CVE-2009-2622
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2622
Acknowledged: yes advisory
Announced: 20090727
Flaw: undiag
Reference: CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2009_2.txt
Reference: CONFIRM:http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch

Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote
attackers to cause a denial of service via malformed requests
including (1) "missing or mismatched protocol identifier," (2) missing
or negative status value," (3) "missing version," or (4) "missing or
invalid status number," related to (a) HttpMsg.cc and (b)
HttpReply.cc.

Analysis:
ACCURACY: some specifics were inferred from b9661.patch, especially
the debug statements that were added.
ACKNOWLEDGEMENT: SQUID-2009:2 says "Due to incorrect data validation
Squid is vulnerable to a denial of service attack when processing
specially crafted responses."
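
The following C++ example is added here and is not taken from Squid or from either referenced patch. It shows the kinds of checks the two CVE descriptions name: a byte limit applied before scanning for the end of a reply's status line, then rejection of a missing or mismatched protocol identifier, a missing version, and a missing, negative or invalid status. The function and enum names, the 4096-byte limit and the 100-599 status range are assumptions.

```cpp
#include <cctype>
#include <cstddef>
#include <iostream>
#include <string>

// Result names are hypothetical, chosen for this example (not Squid's).
enum class Check { Ok, NeedMore, TooLarge, BadProtocol, BadVersion, BadStatus };

static bool digit(char c) { return std::isdigit(static_cast<unsigned char>(c)) != 0; }

// Validate the status line at the start of a buffered HTTP reply.
// `limit` is the assumed maximum number of bytes buffered for that line.
Check check_reply(const std::string &buf, std::size_t limit) {
    // Bound check first: only the first `limit` bytes are ever scanned.
    std::size_t eol = buf.substr(0, limit).find('\n');
    if (eol == std::string::npos)  // incomplete so far, or over the limit
        return buf.size() >= limit ? Check::TooLarge : Check::NeedMore;
    std::string line = buf.substr(0, eol);
    if (!line.empty() && line.back() == '\r') line.pop_back();

    // (1) Protocol identifier must be present and match exactly.
    const std::string proto = "HTTP/";
    if (line.compare(0, proto.size(), proto) != 0) return Check::BadProtocol;
    std::size_t p = proto.size();

    // (3) Version must be DIGIT "." DIGIT followed by one space.
    if (line.size() < p + 4 || !digit(line[p]) || line[p + 1] != '.' ||
        !digit(line[p + 2]) || line[p + 3] != ' ')
        return Check::BadVersion;
    p += 4;

    // (2)/(4) Status must be exactly three digits, so "-1" or "" is rejected.
    if (line.size() < p + 3) return Check::BadStatus;
    int status = 0;
    for (std::size_t i = p; i < p + 3; ++i) {
        if (!digit(line[i])) return Check::BadStatus;
        status = status * 10 + (line[i] - '0');
    }
    if (line.size() > p + 3 && line[p + 3] != ' ') return Check::BadStatus;
    if (status < 100 || status > 599) return Check::BadStatus;  // assumed range
    return Check::Ok;
}

int main() {
    // Constructed sample replies, not captured traffic.
    const char *samples[] = {"HTTP/1.1 200 OK\r\n", "ICY 200 OK\r\n", "HTTP/1.1 -1 x\r\n"};
    for (const char *s : samples)
        std::cout << static_cast<int>(check_reply(s, 4096)) << "\n";
    return 0;
}
```
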
Current thread:
- squid 3.x vulnerabilities Vincent Danen (Jul 27)
- Re: squid 3.x vulnerabilities Steven M. Christey (Jul 28)