Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: Squid, denial of service via comma

August 2009 by Vigil@nce

When Squid is configured with an external ACL, an attacker can use
a comma to generate an infinite loop.

Severity: 2/4

Consequences: denial of service of service

Provenance: intranet client

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: medium (2/3)

Creation date: 19/08/2009

IMPACTED PRODUCTS

 Squid cache

DESCRIPTION OF THE VULNERABILITY

The external_acl_type configuration directive indicates an
external program to manage the access. For example :
external_acl_type my_auth %Cookie:... /bin/my_prog
The second parameter indicates associated items (such as cookies
in this example).

The strListGetItem() function of the file HttpHeaderTools.c
(version 2.x) or HttpHeaderTools.cc (version 3.x) is used to split
associated items. For example, the cookie has to be split as Path,
Expires and Max-Age:
Cookie: ... Path=; Expires=Wed, 31-Dec-97 23:59:59 GMT; Max-Age=0
However, the comma character is handled as a field separator. The
comma located inside the date field thus generates an infinite
loop.

When Squid is configured with an external ACL, an attacker can
therefore use a comma to generate denial of service.

CHARACTERISTICS

Identifiers: 2704, 534982, BID-36091, CVE-2009-2855,
VIGILANCE-VUL-8959

http://vigilance.fr/vulnerability/Squid-denial-of-service-via-comma-8959


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts