SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Generic)  >  Squid Vendors:  Squid-cache.org
Squid Null Pointer Dereference in clientAbortBody() Lets Remote Users Crash the Proxy
SecurityTracker Alert ID:  1011214
SecurityTracker URL:  http://securitytracker.com/id?1011214
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
OSVDB Reference:  9801   (Links to External Site)
Updated:  Feb 24 2006
Original Entry Date:  Sep 11 2004
Impact:  Denial of service via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): 2.5.STABLE5 and prior versions
Description:  d3thStaR reported a vulnerability in Squid. A remote user can cause the proxy to crash.

It is reported that a remote user can trigger a segmentation fault due to a null pointer dereference in the clientAbortBody() function in 'client_side.c'.

The bug was originally reported to the vendor by M.A.Young.
Impact:  A remote user can cause the target proxy service to crash.
Solution:  The vendor has issued a fixed version (2.5.STABLE6, 3.0).
Vendor URL:  www.squid-cache.org/bugs/show_bug.cgi?id=972 (Links to External Site)
Cause:  Boundary error
Underlying OS:  Linux (Any), UNIX (Any)
Reported By:  d3thstar@rootthief.com
Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 16 2004 (Fedora Issues Fix for FC2) Squid Overflow in clientAbortBody() Lets Remote Users Crash the Proxy   (Jay Fenlason <fenlason@redhat.com>)
Fedora has released a fix for Fedora Core 2.


 Source Message Contents
Date:  Fri, 10 Sep 2004 20:14:09 -0500 (CDT)
From:  d3thstar@rootthief.com
Subject:  Squid-Cache Buffer Overflow Vulnerablility

 
 
==========================================
Squid-Cache Buffer Overflow Vulnerablility
==========================================
Dicovered by- d3thStaR [!SUI] <d3thStaR /at/ rootthief.com>
Greets: !SUI Crew, Atomix, mGrD, e0r, rootthief.com.
Sources:  Bug #972
Confirmed products effected- squid-2.5.STABLE6 and earlier
 
=======Description of Problem=======
The function clientAbortBody can cause a segmentation fault.
 
if (!conn->body.callback || conn->body.request != request)
return;
buf = conn->body.buf;
 
This was a problem supposed to be address in STABLE5 by changing:
 
 
if (!conn->body.callback || conn->body.request != request)
to
if (conn == NULL || !conn->body.callback || conn->body.request != request)
 
The problem still exists and still can crash the program.
 
=======Product Description=======
Squid is...
- a full-featured Web proxy cache
- designed to run on Unix systems
- free, open-source software
- the result of many contributions by unpaid (and paid) volunteers
 
Squid supports...
- proxying and caching of HTTP, FTP, and other URLs
- proxying for SSL
- cache hierarchies
- ICP, HTCP, CARP, Cache Digests
- transparent caching
- WCCP (Squid v2.3 and above)
- extensive access controls
- HTTP server acceleration
- SNMP
- caching of DNS lookups
 
Vendor- squid-cache.org
Notified- 9/10/2004_8:00pm/Central
 
d3thStaR
<d3thStaR at rootthief.com>


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2006, SecurityGlobal.net LLC