Squid Web Proxy Cache contains a flaw that may allow a malicious user to bypass access control lists. The issue is triggered when sending a specially crafted URL request containing '%00' in it. It is possible that the flaw may allow unauthorized access resulting in a loss of integrity.
Classification
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Integrity
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
Technical
Due to a flaw in the '%xx' URL decoding function, the url_regex ACL may not properly detect URL requests containing '%00'. Squid will insert a NULL character in place of '%00' in the URL before analyzing for access control purposes. As a result, this URL will not be properly detected as a match to be denied in accordance with the specified types of access control configurations.
Solution
Upgrade to version 2.5.STABLE5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
