HTTP Header Port Number Handling Denial of Service Vulnerability
Squid before 3.2.13 and 3.3.8 is prone to a vulnerability,
which can be exploited to cause a DoS (Denial of Service).
The vulnerability is caused due to an error when handling port number values within the "Host" header of HTTP requests
and can be exploited to render the service unusable.
"idnsALookup()" DNS Name Handling Buffer Overflow Vulnerability
Squid before 3.2.12 and 3.3.7 is prone to a vulnerability,
which can be exploited to cause a buffer overflow.
The vulnerability is caused due to an error within the "idnsALookup()" function
when handling DNS query generation requests and can be exploited to cause a buffer overflow by sending specially crafted HTTP requests.
cachemgr.cgi Memory Leak Denial of Service Vulnerability
Squid before 22.214.171.124, 3.2.4, and 3.1.22 is prone to a vulnerability,
which can be exploited by malicious users to cause a DoS (Denial of Service).
The vulnerability is caused due to memory leak errors within cachemgr.cgi when handling certain requests, which can be exploited to consume resources and render the server unusable.
DNS Replies Invalid Free Denial of Service Vulnerability
Squid before 3.1.16 is prone to a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error when processing certain DNS replies,
which can be exploited to trigger an invalid free via e.g. DNS replies containing a CNAME record pointing to another CNAME record pointing to an empty A record.
Gopher Response Processing Buffer Overflow
Squid before 3.0.STABLE26, 3.1.15, and 126.96.36.199 is prone to a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
The vulnerability is caused due to a boundary error when processing Gopher responses and can be exploited to cause a buffer overflow via an overly long string.
String Processing NULL Pointer Dereference Denial Of Service Vulnerability
Squid is prone to a remote denial-of-service vulnerability caused by a NULL pointer dereference.
An attacker can exploit this issue to cause the application to crash,
denying service to legitimate users.
DNS Reply Remote Buffer Overflow Vulnerability
Squid before 3.1.7 is prone to a remote buffer-overflow vulnerability
because it fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application.
HTCP Packet Processing Denial of Service
A denial of service vulnerability exists in Squid Proxy.
The vulnerability is due to a NULL pointer dereference when processing specially crafted Hypertext Caching Protocol (HTCP) packets.
Remote attackers can exploit this issue by sending a malicious HTCP request to the target server.
Successful exploitation could terminate the affected server process abnormally and result in a denial of service condition.
strListGetItem Denial of Service
There exists a denial of service vulnerability in the way Squid handles HTTP headers.
The vulnerability is due to an infinite loop error when processing HTTP headers containing a specific delimiter character.
Remote unauthenticated attackers can exploit this vulnerability by sending specially crafted HTTP request packets containing malicious HTTP headers.
Successful exploitation would consume system resources and may cause the service to terminate.
Multiple Remote Denial of Service Vulnerabilities
Squid before 3.0.STABLE17 and 188.8.131.52 is prone to multiple remote denial-of-service vulnerabilities.
Successfully exploiting these issues allow remote attackers to crash the affected application, denying further service to legitimate users.
ICAP Adaptation Denial of Service
Squid is prone to a remote denial-of-service vulnerability
because the proxy server fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.
Successfully exploiting this issue allows remote authenticated attackers to consume excessive memory,
resulting in a denial-of-service condition.
HTTP Version Number Parsing Denial of Service
There exists a denial of service vulnerability in the way Squid handles HTTP version number.
The vulnerability is due to inappropriate parsing the version number when processing malformed HTTP requests.
Remote unauthenticated attackers can exploit this vulnerability
by sending specially crafted HTTP request packets to an affected system.
Successful exploitation may cause the service to terminate.
Cached Objects HTTP headers temporary denial of service
Squid 2.6.STABLE17 has a flaw in the way it manipulated HTTP
headers for cached objects stored in system memory. An attacker
could use this flaw to cause a squid child process to exit. This
interrupted existing connections and made proxy services unavailable.
Note: the parent squid process started a new child process,
so this attack only resulted in a temporary denial of service.
Squid Proxy Cache Update Denial of Service
Squid Proxy prior to version 2.6STABLE17, all 3.0PRE versions and 3.0RC1 have a denial-of-service
vulnerability. This vulnerability is caused by memory exhaustion due
to a linked table which grows on every server response
with a 304 status code within an HTTP session.
Squid Proxy TRACE Request Remote Denial of Service
The Squid proxy has a denial-of-service vulnerability. The vulnerability is due to a failure
to handle exceptional conditions (Max-Forwards=0) when processing an HTTP TRACE request within the Squid proxy.
Successfully exploiting this issue allows unauthenticated remote attackers to terminate a vulnerable
Squid proxy server, creating a denial of service condition to legitimate users. Squid 2.6 prior to 2.6STABLE12 is
Multiple Vulnerabilities fixed in 2.6.STABLE7
Squid versions earlier than 2.6.STABLE7 are affected by the following vulnerabilities:
- CVE 2007-0247
Denial of Service due to core dump via crafted FTP directory listing responses
- CVE 2007-0248
Denial of Service due to external_acl queue overload, which triggers an infinite loop
Vulnerability in Squid 2.5.STABLE11
Squid 2.5.STABLE11 and earlier is affected by the following vulnerability:
Denial of service due to odd responses in remote FTP servers under certain conditions.
Multiple Vulnerabilities in Squid 2.5.STABLE10
Squid 2.5.STABLE10 and earlier are affected by the following vulnerabilities:
- CVE 2005-2794
Denial of service due to assertion failures in certain conditions involving aborted requests
- CVE 2005-2796
Denial of service due to segmentation fault in sslConnectTimeout
Multiple Vulnerabilities in Squid 2.5.STABLE9
Due to a race condition, it is possible for cookies to
leak to unintended users, possibly disclosing login
credentials or other sensitive information. This
vulnerability is only an issue when Squid communicates with
a server which relies on obsolete Netscape specifications
on caching of Set-Cookie headers. Squid 2.5 STABLE 7
through 9 are affected by this vulnerability.
Other vulnerabilities in Squid 2.5.STABLE9 include:
- CVE 2005-1345
Unexpectedly permissive access controls if configuration has invalid ACLs
- CVE 2005-1519
DNS response spoofing due to predictable transaction IDs
DNS Response Denial of Service
Invalid DNS responses can cause Squid to terminate. An attacker
who controls an authoritative DNS server could exploit this
issue to cause a denial of service. Squid 2.5 STABLE5 through
STABLE8 are affected by this vulnerability.
Squid 2.5.STABLE7 and earlier are susceptible to HTTP
request smuggling attacks. This type of attack occurs when
an HTTP request contains malformed headers (such as
extraneous whitespace or carriage return characters) or duplicated
headers (such as two Content-Length headers). The Squid
proxy may interpret the malformed request as a single request
while the destination web server interprets it as two
requests, causing the responses to any subsequent requests to become
cached incorrectly. This could allow an attacker to poison
the cache, such that users who request certain legitimate
pages would receive spoofed content.
Multiple Vulnerabilities in Squid 2.5.STABLE7
There are multiple vulnerabilities affecting Squid 2.5.STABLE7 and earlier, including:
- CVE 2005-0094
Buffer overflow in Gopher response parsing
- CVE 2005-0095
Denial of service in processing WCCP messages with spoofed source addresses
- CVE 2005-0173
Access control bypass in squid_ldap_auth using a leading or trailing space in user name
- CVE 2005-0175
Cache poisoning by an HTTP response splitting attack
- CVE 2005-0194
Access control bypass due to empty access control lists or proxy_auth ACLs without defined auth schemes
- CVE 2005-0211
Buffer overflow in processing long WCCP packets
- CVE 2005-0241
Access control bypass or cache poisoning by oversized HTTP reply headers
- CVE 2005-0718
Denial of service by aborted PUT or POST requests
SNMP Module ASN1 Parsing Error
The asn_parse_header function in some cases
allows negative length fields to pass validation. This causes
a memory allocation to fail, after which the server restarts.
Since it takes only a single UDP datagram to cause a
restart, and the restart takes several seconds, repeated
attacks could lead to a denial of service. Squid 2.5.STABLE6
and earlier and 3.0.PRE1 through 3.0.PRE3 are affected by
this vulnerability if the SNMP module is enabled. The
SNMP module is only enabled if both the snmp_port
variable is non-zero in the squid.conf file and
the --enable-snmp option was used when
url_regex access control bypass
Servers which use url_regex access controls
do not properly check URLs containing encoded
null characters (%00). A remote attacker
could bypass URL-based access controls by including the
%00 sequence in a specially crafted URL.
Squid 2.5 STABLE 4 and earlier versions are affected.
Heap overflow in compressed DNS message handling
A heap overflow in the processing of compressed DNS answer
messages could cause the Squid process to stop with a
segmentation fault. This could allow a remote attacker who
has control of a DNS server to crash the Squid proxy. Squid
2.4.STABLE4 and earlier, and pre-release versions of Squid
2.5 and 2.6 downloaded prior to March 12, 2002 are affected
by this vulnerability.
FTP proxy buffer overflow
When processing FTP proxy requests, Squid
allocates a buffer based upon the size of the original request,
but copies into that buffer a string which may contain URL-encoded
characters, which could overflow the buffer. This condition, if
exploited a number of times, could lead to a denial of service.
It could also be possible for a remote attacker to execute
arbitrary commands. Versions of Squid prior to 2.4.STABLE4 are
affected by this vulnerability.
Access Control List bypass vulnerabilities
Multiple vulnerabilities could allow a remote attacker to
bypass the access control lists on a Squid proxy, thus permitting
port scanning and possibly remote access from unauthorized
hosts. Squid versions prior to 2.4.STABLE3 may be affected
by one or more of these vulnerabilities.
Newline Authentication Flaw
When authenticating to the Squid proxy service, a client
sends a base-64 encoded user name and password pair. When
the server decodes the pair, it does not remove newline and
carriage return characters. Pairs containing newline and
carriage return characters are interpreted as two pairs instead
of one, thereby using one pair for authentication of the current
client, and queueing the second pair for the next client. If the
service is actively used by users with valid user name and password
pairs, an attacker could exploit this situation and gain access
to the service due to a prior user's user name and password
being at the front of the queue.
Squid 2.2.STABLE5 and earlier are affected by this vulnerability.
FTP PUT denial of service
A request to the Squid proxy server which uses the PUT
request method for an FTP address could cause the proxy
service to crash if the request only creates a directory
(mkdir). Versions of Squid prior to 2.4.STABLE3 are
affected by this vulnerability.
Other miscellaneous vulnerabilities
Other miscellaneous vulnerabilities in outdated versions of Squid
in certain configurations could allow a remote attacker to consume
system resources or conduct unauthorized port scanning.