Vigil@nce - Squid: denial of service via pinger
September 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send a malicious ICMPv6 packet to the pinger of
Squid, in order to trigger a denial of service.
– Impacted products: Squid
– Severity: 2/4
– Creation date: 09/09/2014
DESCRIPTION OF THE VULNERABILITY
The Squid product offers a pinger tool to query cache servers,
using ICMP packets.
However, pinger does not check if the ICMPv6 reply packet type is
larger than the array storing type names. The pinger tool then
tries to read at an invalid memory address, which stops it.
An attacker can therefore send a malicious ICMPv6 packet to the
pinger of Squid, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Squid-denial-of-service-via-pinger-15297