SecurityTracker.com
Category:   Application (Web Server/CGI)  >   Squid
Vendors:   Squid-cache.org
Squid HTTP Response Processing Bugs Let Remote Users Deny Service to Proxy Client Users
SecurityTracker Alert ID:  1035101
SecurityTracker URL:  http://securitytracker.com/id/1035101
CVE Reference:   CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572
Updated:  Feb 26 2016
Original Entry Date:  Feb 24 2016
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 3.x, 4.x
Description:   Some vulnerabilities were reported in Squid. A remote user can cause denial of service conditions on the target client systems.

A remote server can return a specially crafted HTTP response to trigger an overflow in the proxy, causing all connected client users to be disconnected.

Mathias Fischer from Open Systems AG reported this vulnerability.

A remote server can return a specially crafted HTTP response to trigger an error handling flaw in the proxy, causing all connected client users to be disconnected.

Alex Rousskov from The Measurement Factory reported this vulnerability.

These vulnerabilities are being actively exploited.

Impact:   A remote user can cause client users connected to the target proxy to be disconnected.
Solution:   The vendor has issued a fix (3.5.15, 4.0.7).

The vendor's advisory is available at:

http://www.squid-cache.org/Advisories/SQUID-2016_2.txt

Vendor URL:  www.squid-cache.org/Advisories/SQUID-2016_2.txt
Cause:   Boundary error, Exception handling error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Mar 7 2016 (Ubuntu Issues Fix) Squid HTTP Response Processing Bugs Let Remote Users Deny Service to Proxy Client Users
Ubuntu has issued a fix for Ubuntu Linux 12.04 LTS, 14.04 LTS, and 15.10.
Nov 4 2016 (Red Hat Issues Fix) Squid HTTP Response Processing Bugs Let Remote Users Deny Service to Proxy Client Users
Red Hat has issued a fix for Red Hat Enterprise Linux 7.
Feb 5 2018 (Ubuntu Issues Fix) Squid HTTP Response Processing Bugs Let Remote Users Deny Service to Proxy Client Users
Ubuntu has issued a fix for Ubuntu Linux 14.04 LTS, 16.04 LTS, and 17.10.