RHSA-2005:061: squid security update

First published: Fri Feb 11 2005(Updated: )

Squid is a full-featured Web proxy cache.<br>A buffer overflow flaw was found in the Gopher relay parser. This bug<br>could allow a remote Gopher server to crash the Squid proxy that reads data<br>from it. Although Gopher servers are now quite rare, a malicious web page<br>(for example) could redirect or contain a frame pointing to an attacker's<br>malicious gopher server. The Common Vulnerabilities and Exposures project<br>(cve.mitre.org) has assigned the name CAN-2005-0094 to this issue.<br>An integer overflow flaw was found in the WCCP message parser. It is<br>possible to crash the Squid server if an attacker is able to send a<br>malformed WCCP message with a spoofed source address matching Squid's<br>"home router". The Common Vulnerabilities and Exposures project<br>(cve.mitre.org) has assigned the name CAN-2005-0095 to this issue.<br>A memory leak was found in the NTLM fakeauth_auth helper. It is possible<br>that an attacker could place the Squid server under high load, causing the<br>NTML fakeauth_auth helper to consume a large amount of memory, resulting in<br>a denial of service. The Common Vulnerabilities and Exposures project<br>(cve.mitre.org) has assigned the name CAN-2005-0096 to this issue.<br>A NULL pointer de-reference bug was found in the NTLM fakeauth_auth helper.<br>It is possible for an attacker to send a malformed NTLM type 3 message,<br>causing the Squid server to crash. The Common Vulnerabilities and<br>Exposures project (cve.mitre.org) has assigned the name CAN-2005-0097 to<br>this issue.<br>A username validation bug was found in squid_ldap_auth. It is possible for<br>a username to be padded with spaces, which could allow a user to bypass<br>explicit access control rules or confuse accounting. The Common<br>Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name<br>CAN-2005-0173 to this issue.<br>The way Squid handles HTTP responses was found to need strengthening. It is<br>possible that a malicious web server could send a series of HTTP responses<br>in such a way that the Squid cache could be poisoned, presenting users with<br>incorrect webpages. The Common Vulnerabilities and Exposures project<br>(cve.mitre.org) has assigned the names CAN-2005-0174 and CAN-2005-0175 to<br>these issues.<br>A bug was found in the way Squid handled oversized HTTP response headers.<br>It is possible that a malicious web server could send a specially crafted<br>HTTP header which could cause the Squid cache to be poisoned, presenting<br>users with incorrect webpages. The Common Vulnerabilities and Exposures<br>project (cve.mitre.org) has assigned the name CAN-2005-0241 to this issue.<br>A buffer overflow bug was found in the WCCP message parser. It is possible<br>that an attacker could send a malformed WCCP message which could crash the<br>Squid server or execute arbitrary code. The Common Vulnerabilities and<br>Exposures project (cve.mitre.org) has assigned the name CAN-2005-0211<br>to this issue.<br>Users of Squid should upgrade to this updated package, which contains<br>backported patches, and is not vulnerable to these issues.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-errata
• anchor-id/RHSA-2005:061
• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type
• agent/weakness