SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Generic)  >   Squid Vendors:   Squid-cache.org
Squid Buffer Overflow in WCCP recvfrom() Lets Remote Users Deny Service
SecurityTracker Alert ID:  1013045
SecurityTracker URL:  http://securitytracker.com/id/1013045
CVE Reference:   CAN-2005-0211   (Links to External Site)
Updated:  Feb 3 2005
Original Entry Date:  Jan 31 2005
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.5.STABLE7 and prior versions
Description:   A vulnerability was reported in Squid in the WCCP recvfrom() call. A remote user can cause Squid to crash.

The vendor reported that a remote user can send a specially crafted and larger than normal WCCP message to the target server to trigger a buffer overflow in recvfrom() and cause Squid to crash.

The system is only vulnerable if configured to send WCCP messages to and receive WCCP messages from a router.

The vendor credits the FSC Vulnerability Research Team with reporting this flaw.
Impact:   A remote user can cause the target Squid server to crash.
Solution:   The vendor has issued a patch for version Squid-2.5.STABLE7:

http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_buffer_overflow.patch
Vendor URL:  www.squid-cache.org/Advisories/SQUID-2005_3.txt (Links to External Site)
Cause:   Boundary error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   None.

 Source Message Contents
Date:  Mon, 31 Jan 2005 02:53:20 -0500
Subject:  http://www.squid-cache.org/Advisories/SQUID-2005_3.txt



__________________________________________________________________

      Squid Proxy Cache Security Update Advisory SQUID-2005:3
__________________________________________________________________

Advisory ID:            SQUID-2005:3
Date:                   January 28, 2005
Summary:                Buffer overflow in WCCP recvfrom() call
Affected versions:      All versions up to and including 2.5.STABLE7
__________________________________________________________________

     http://www.squid-cache.org/Advisories/SQUID-2005_3.txt
__________________________________________________________________

Problem Description:

 The WCCP recvfrom() call accepts more data than will fit in
 the allocated buffer.  An attacker may send a larger-than-normal
 WCCP message to Squid and overflow this buffer.
__________________________________________________________________

Severity:

 The bug is important because it allows remote attackers to crash
 Squid, causing a disription in service.  However, the bug is
 exploitable only if you have configured Squid to send WCCP messages
 to, and expect WCCP replies from, a router.

 Sites that do not use WCCP are not vulnerable.

__________________________________________________________________

Updated Packages:

 An individual patch for this issues can be found in our
 patch archive for version Squid-2.5.STABLE7:

   http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_buffer_overflow.patch

 If necessary, this short patch should also apply to previous
 versions of Squid.

 If you are using a prepackaged version of Squid then please
 refer to the package vendor for availability information on
 updated packages.

__________________________________________________________________

Determining if your version is vulnerable:

 Your installation is vulnerable if you have configured Squid to
 send WCCP messages to a router, and thus expect replies from a
 router.  Look for the 'wccp_router' dirctive in your squid.conf
 file.  Also, look for this line in cache.log:

  Accepting WCCP messages on port 2048, FD 15

__________________________________________________________________

Workarounds:

 If WCCP is not essential to your operation, disable it
 by commenting out the 'wccp_router' directive in
 squid.conf.

 You may also compile Squid without any WCCP code at all
 by giving the --disable-wccp option to the ./configure
 script.

__________________________________________________________________

Contact details for the Squid project:

 For installation / upgrade support: Your first point of contact
 should be your binary package vendor.

 If your install is built from the original Squid sources, then
 the squid-users@squid-cache.org mailing list is your primary
 support point. (see <http://www.squid-cache.org/mailing-lists.html>
 for subscription details).

 For bug reporting, particularly security related bugs the
 squid-bugs@squid-cache.org mailing list is the appropriate forum.
 It's a closed list (though anyone can post) and security related
 bug reports are treated in confidence until the impact has been
 established. For non security related bugs, the squid bugzilla
 database should be used <http://www.squid-cache.org/bugs/>.

__________________________________________________________________

Credits:

 The vulnerability was reported by FSC Vulnerability Research Team.

__________________________________________________________________

Revision history:

 2005-01-28 23:20 GMT Initial release of this document
__________________________________________________________________
END


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC