Vigil@nce: Squid, denial of service via HTCP
February 2010 by Vigil@nce
An attacker can send a malicious HTCP query to Squid, in order to stop it.
Consequences: denial of service of service
Provenance: intranet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: medium (2/3)
Creation date: 12/02/2010
DESCRIPTION OF THE VULNERABILITY
The HTCP (Hypertext Caching Protocol) protocol is used between cache servers. When the htcp_port directive is used in the configuration file of Squid, HTCP is enabled (this is not the default case).
When HTCP is enabled, an attacker can connect to the port 4827, and send an invalid HTCP query. A NULL pointer is then dereferenced in the htcpAccessCheck() function of the src/htcp.c file.
An attacker can therefore send a malicious HTCP query to Squid, in order to stop it.
Identifiers: 2858, BID-38212, CVE-2010-0639, SQUID-2010:2,