[squid-users] Squid ACL [url_regex] bypass vulnerability

From: Yong Bong Fong <[email protected]>
Date: Tue, 15 Feb 2005 17:17:40 +0800

Dear all,

  I read from http://esikker.dk/vul_14462.php says that

> A bug in Squid allows users to bypass certain access controls by passing a
> URL containing "%00" which exploits the Squid decoding function.
> This may insert a NUL character into decoded URLs, which may allow
> users to
> bypass url_regex access control lists that are enforced upon them.
> In such a scenario, Squid will insert a NUL character after
> the"%00" and it will make a comparison between the URL to the end
> of the NUL character rather than the contents after it: the comparison
> does
> not result in a match, and the user's request is not denied.

Does it mean that any url containing the symbol "%" will not work with
url_regex?
I ask this because whenever I configure my url_regex to detect % it
never does so.

And then i read about the above from some website.
Not sure if I am right in my understanding of the above article.

please help me with that,
thanks a million for helping
Received on Tue Feb 15 2005 - 02:09:17 MST

This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:02 MST