SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   squidGuard Vendors:   squidguard.org
squidGuard Buffer Overflow Lets Remote Users Bypass URL Filtering
SecurityTracker Alert ID:  1023079
SecurityTracker URL:  http://securitytracker.com/id/1023079
CVE Reference:   CVE-2009-3700   (Links to External Site)
Date:  Oct 26 2009
Impact:   Denial of service via network, Host/resource access via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.3, 1.4
Description:   A vulnerability was reported in squidGuard. A remote user can bypass the URL filtering mechanism. A remote user can cause denial of service conditions.

A remote user can send a specially crafted request to trigger a buffer overflow and cause squidGuard to enter emergency mode (where no requests are filtered).

A remote user can also send a specially crafted request to cause the target service instance to freeze. This can be repeated to cause denial of service conditions.

Matthieu Bouthors reported this vulnerability.

Impact:   A remote user can bypass the URL filtering mechanism.

A remote user can cause denial of service conditions.

Solution:   The vendor has issued a fix (Patch-20091015 and Patch-20091019).
Vendor URL:  squidguard.org/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents

Subject:  squidGuard 1.3 & 1.4 : buffer overflow

Advisory
--------

Date		2009-10-26
Program		squidGuard
URL		http://squidguard.org/
Found by	Matthieu BOUTHORS

Application description
------------------------

SquidGuard is a URL redirector used to use blacklists with the proxysoftware
Squid. There are two big advantages to squidguard: it is fast and it is free.
SquidGuard is published under GNU Public License.

Vulnerability description
-------------------------

Multiple buffer overflow can lead to filtering policy bypass and DoS.

The Common Vulnerabilities and Exposures (CVE) project has assigned
the name CVE-2009-3700 to this issue. This is a candidate for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.

Vulnerability details
----------------------

The vulnerability is due to insecure buffer handling.

For instance in sgLog.c :

 if(vsprintf(msg, format, ap) > (MAX_BUF - 1))

This piece of code may cause a buffer overflow and detects when it's too late.
squidGuard only logs URL with patched bypass attempts (for instance, trailing
dot or double dash, see http://www.squidguard.org/Doc/advisories.html).

MAX_BUF is 4096, squid does not allow URL greater than 4096 characters.
So in order to cause a buffer overflow, the attacker has to use an URL close to
4096 characters. A succesfull attackers would put squidGuard in emergency mode,
in this mode squidGuard approve each requests. A less succesfull attacker can
freeze the squidGuard instance, reproduct this attack can lead to a DoS.

Systems affected
----------------

squidGuard 1.3
squidGuard 1.4

Solution
--------

Two patches has been released by the squidGuard team : Patch-20091015 and
Patch-20091019.

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC