Vigil@nce - SquidClamav: denial of service via URL
September 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use an url containing special characters, to stop
SquidClamav, in order for example to transmit a malware.
Severity: 2/4
Creation date: 17/08/2012
IMPACTED PRODUCTS
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The SquidClamav program is an interface between the Squid proxy
and the Clam AV antivirus.
The SquidGuard program forbids the access to some urls.
When SquidClamav and SquidGuard are used simultneously, SquidGuard
provides unescaped urls (containing for example %0A instead of
%250A), which forces SquidClamav to add this character (a line
feed) in its command tunnel. The SquidClamav state thus becomes
inconsistent, and the next query stops it.
An attacker can therefore use an url containing special
characters, to stop SquidClamav, in order for example to transmit
a malware.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/SquidClamav-denial-of-service-via-URL-11866