OSVDB ID: 5924

Title: Squid Proxy FTP Channel Injection

Info

Disclosure
Jul 03, 2002

Discovery
Unknown

Dates

Exploit
Unknown

Solution
Unknown

Description

 Squid Proxy contains a flaw that may allow a malicious user to to inject arbitrary data or intercept data in FTP channels or bypass firewall rules. The issue is triggered as Squid Proxy does not perform a sanity check on the server address between the control and data connection. It is possible that the flaw may allow arbitrary data injection or interception or bypassing of firewall rules resulting in a loss of confidentiality and integrity.

Classification

 Location: Remote/Network Access Required
Attack Type: Hijacking
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

 Upgrade to version 2.4.STABLE7 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): Deny proxying of ftp:// or gopher:// URLs, for example by inserting the following lines at the top of your squid.conf # Workaround for bugs in Squid-2.4.STABLE6 and earlier acl workaround proto FTP Gopher http_access deny workaround

Products

Team Squid

Proxy Web Server

 2.0.x
2.1.x
2.2.x
2.3.x
2.4.STABLE1
2.4.STABLE2
2.4.STABLE3
2.4.STABLE4
2.4.STABLE5
2.4.STABLE6

References

Credit
  • Olaf Kirch - okirBrand New Doo Doomonad.swb.de -


Direct URL: http://osvdb.org/36218