CVE-2009-2855: Input Validation
First published: Sun Jun 28 2009(Updated: )
A denial of service flaw was found in the way Squid used to process certain external ACL helper HTTP-Header fields (%{header:<delimiter>member}), where <delimiter> is not a comma. Remote attacker could use this flaw to cause an excessive CPU use by issuing such a request to the Squid server. Common Vulnerabilities and Exposures assigned an identifier <a href="https://access.redhat.com/security/cve/CVE-2009-2855">CVE-2009-2855</a> to this vulnerability: ------------------------------------------------------------------------------ The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function. References: ----------- [1] <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2855">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2855</a> [2] <a href="http://www.openwall.com/lists/oss-security/2009/07/20/10">http://www.openwall.com/lists/oss-security/2009/07/20/10</a> [3] <a href="http://www.openwall.com/lists/oss-security/2009/08/03/3">http://www.openwall.com/lists/oss-security/2009/08/03/3</a> [4] <a href="http://www.openwall.com/lists/oss-security/2009/08/04/6">http://www.openwall.com/lists/oss-security/2009/08/04/6</a> [5] <a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31;filename=diff;att=1;bug=534982">http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31;filename=diff;att=1;bug=534982</a> [6] <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=2704">http://www.squid-cache.org/bugs/show_bug.cgi?id=2704</a> [7] <a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982</a> Note: The proposed patch from Debian [6] isn't the upstream one. Please wait, while upstream confirms it or comes with another one. Upstream bug report: -------------------- <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=2541">http://www.squid-cache.org/bugs/show_bug.cgi?id=2541</a>
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/squid | <7:2.6.STABLE21-6.el5 | 7:2.6.STABLE21-6.el5 |
| Squid Web Proxy Cache | =2.7 | |
| Squid Web Proxy Cache | =2.7-stable3 | |
| Squid Web Proxy Cache | =2.7-stable4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982
- http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31%3Bfilename=diff%3Batt=1%3Bbug=534982
- http://www.openwall.com/lists/oss-security/2009/07/20/10
- http://www.openwall.com/lists/oss-security/2009/08/03/3
- http://www.openwall.com/lists/oss-security/2009/08/04/6
- http://www.securityfocus.com/bid/36091
- http://www.securitytracker.com/id?1022757
- http://www.squid-cache.org/bugs/show_bug.cgi?id=2541
- http://www.squid-cache.org/bugs/show_bug.cgi?id=2704
- https://bugzilla.redhat.com/show_bug.cgi?id=518182
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52610
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10592
- http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31;filename=diff;att=1;bug=534982
- https://access.redhat.com/security/cve/CVE-2009-2855
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2855
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=518182#c1
- http://www.squid-cache.org/bugs/attachment.cgi?id=1854
- http://www.squid-cache.org/bugs/show_bug.cgi?id=2541#c1
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=509895
- http://www.squid-cache.org/Versions/v2/HEAD/changesets/12541.patch
- http://www.squid-cache.org/
- http://www.redhat.com/security/updates/classification/
- https://rhn.redhat.com/errata/RHSA-2010-0221.html
- https://www.cve.org/CVERecord?id=CVE-2009-2855 https://nvd.nist.gov/vuln/detail/CVE-2009-2855
- https://access.redhat.com/errata/RHSA-2010:0221
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2855.json
Frequently Asked Questions
What is the severity of CVE-2009-2855?
CVE-2009-2855 has been classified as a denial of service vulnerability that can lead to excessive CPU usage.
How do I fix CVE-2009-2855?
To mitigate CVE-2009-2855, it is recommended to upgrade to the latest version of Squid that addresses this vulnerability.
What versions of Squid are affected by CVE-2009-2855?
CVE-2009-2855 affects Squid versions up to 2.7, including specific stable releases like 2.6.STABLE21 and 2.7-stable3.
What are the potential impacts of CVE-2009-2855?
The potential impact of CVE-2009-2855 includes service disruption due to high CPU usage when exploited by remote attackers.
Who can exploit CVE-2009-2855?
CVE-2009-2855 can be exploited by any remote attacker who sends specially crafted requests to the affected Squid server.
- agent/author
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-2855
- agent/references
- agent/weakness
- agent/severity
- collector/redhat-cve
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-api
- package-manager/redhat
- vendor/squid-cache
- canonical/squid web proxy cache
- version/squid web proxy cache/2.7
- version/squid web proxy cache/2.7-stable3
- version/squid web proxy cache/2.7-stable4