|
|
Info |
Last Modified |
| 3 months ago |
|
|
|
|
Description |
Squid Web Proxy Cache contains a flaw that may allow a remote denial of service. The issue is triggered due to an ASN1 parsing error where certain header length combinations can bypass the validations performed by the ASN1 parser, eventually resulting in loss of availability for the service.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Denial of Service
Impact:
Loss of Availability
Exploit:
Exploit Unknown
Disclosure:
OSVDB Verified
|
|
Technical |
The offending code is in the asn_parse_header() routine of snmplib/asn1.c, which under some cases will allow negative length fields to pass validation. This leads to a failed xmalloc(), and the server then assumes there is heap corruption or some other exceptional condition, and restarts.
Successful exploitation requires that SNMP support is enabled. Only a single UDP packet is required to trigger this vulnerability, so the source address can be spoofed.
|
|
Solution |
Upgrade to version Squid-2.5.STABLE7 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: disable SNMP support or filter the port that has SNMP processing activated (3401 by default) to allow only SNMP data from trusted hosts.
|
|
Products |
|
Squid Web Proxy Cache
 |
2.5-STABLE5 |
|
|
|
|
|
|
Credit |
- Anonymous - idlabs-advisories
 idefense.com - iDEFENSE
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
