Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   squidGuard Vendors:
squidGuard Buffer Overflow Lets Remote Users Bypass URL Filtering
SecurityTracker Alert ID:  1023079
SecurityTracker URL:
CVE Reference:   CVE-2009-3700   (Links to External Site)
Date:  Oct 26 2009
Impact:   Denial of service via network, Host/resource access via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.3, 1.4
Description:   A vulnerability was reported in squidGuard. A remote user can bypass the URL filtering mechanism. A remote user can cause denial of service conditions.

A remote user can send a specially crafted request to trigger a buffer overflow and cause squidGuard to enter emergency mode (where no requests are filtered).

A remote user can also send a specially crafted request to cause the target service instance to freeze. This can be repeated to cause denial of service conditions.

Matthieu Bouthors reported this vulnerability.

Impact:   A remote user can bypass the URL filtering mechanism.

A remote user can cause denial of service conditions.

Solution:   The vendor has issued a fix (Patch-20091015 and Patch-20091019).
Vendor URL: (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.

 Source Message Contents

Subject:  squidGuard 1.3 & 1.4 : buffer overflow


Date		2009-10-26
Program		squidGuard
Found by	Matthieu BOUTHORS

Application description

SquidGuard is a URL redirector used to use blacklists with the proxysoftware
Squid. There are two big advantages to squidguard: it is fast and it is free.
SquidGuard is published under GNU Public License.

Vulnerability description

Multiple buffer overflow can lead to filtering policy bypass and DoS.

The Common Vulnerabilities and Exposures (CVE) project has assigned
the name CVE-2009-3700 to this issue. This is a candidate for
inclusion in the CVE list (, which standardizes
names for security problems.

Vulnerability details

The vulnerability is due to insecure buffer handling.

For instance in sgLog.c :

 if(vsprintf(msg, format, ap) > (MAX_BUF - 1))

This piece of code may cause a buffer overflow and detects when it's too late.
squidGuard only logs URL with patched bypass attempts (for instance, trailing
dot or double dash, see

MAX_BUF is 4096, squid does not allow URL greater than 4096 characters.
So in order to cause a buffer overflow, the attacker has to use an URL close to
4096 characters. A succesfull attackers would put squidGuard in emergency mode,
in this mode squidGuard approve each requests. A less succesfull attacker can
freeze the squidGuard instance, reproduct this attack can lead to a DoS.

Systems affected

squidGuard 1.3
squidGuard 1.4


Two patches has been released by the squidGuard team : Patch-20091015 and


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC