__________________________________________________________________ Squid Proxy Cache Security Update Advisory SQUID-2005:1 __________________________________________________________________ Advisory ID: SQUID-2005:1 Date: January 15, 2005 Summary: Buffer overflow in Gopher reply parser Affected versions: All versions up to and including 2.5.STABLE7 __________________________________________________________________ http://www.squid-cache.org/Advisories/SQUID-2005_1.txt __________________________________________________________________ Problem Description: A bug exists in the code that parses responses from Gopher servers. The bug results in a buffer overflow if a Gopher server returns a line longer than 4096 bytes. The overflow results in memory corruption and usually crashes Squid. __________________________________________________________________ Severity: A malicious user may set up a fake Gopher server and forward requests to it through Squid. Specially crafted responses from that server may cause Squid to restart. We do not beleive that this overflow allows arbitrary code execution popular platforms. __________________________________________________________________ Updated Packages: An individual patch for this issues can be found in our patch archive for version Squid-2.5.STABLE7: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-gopher_html_parsing.patch If necessary, this short patch should also apply to previous versions of Squid. If you are using a prepackaged version of Squid then please refer to the package vendor for availability information on updated packages. __________________________________________________________________ Determining if your version is vulnerable: Squid versions up to, and including, 2.5.STABLE7 are vulnerable. __________________________________________________________________ Workarounds: Since real Gopher servers are extremely rare these days, there is almost no reason for Squid to contact a Gopher server. You can add a simple access control rule to deny all Gopher requests to Squid: acl Gopher proto Gopher http_access deny Gopher Restart or reconfigure Squid after editing squid.conf. Test your access controls with a simple request: % squidclient gopher://127.0.0.1/ You should see an "Access Denied" message. __________________________________________________________________ Contact details for the Squid project: For installation / upgrade support: Your first point of contact should be your binary package vendor. If your install is built from the original Squid sources, then the squid-users@squid-cache.org mailing list is your primary support point. (see for subscription details). For bug reporting, particularly security related bugs the squid-bugs@squid-cache.org mailing list is the appropriate forum. It's a closed list (though anyone can post) and security related bug reports are treated in confidence until the impact has been established. For non security related bugs, the squid bugzilla database should be used . __________________________________________________________________ Credits: The vulnerability was reported by infamous41md. __________________________________________________________________ Revision history: 2005-01-15 03:55 GMT Initial release of this document 2010-09-16 07:05 GMT Reference link updates __________________________________________________________________ END