Red Hat Bugzilla – Bug 1264452
squid: Incorrect message size checking in HTTP Proxy causes DoS
Last modified: 2015-10-27 10:31:45 EDT
Vulnerability in SSL/TLS parser in Squid HTTP Proxy was found caused by incorrect message size checks and assumptions about the existence of TLS extensions in the SSL/TLS handshake message. This can lead to very high CPU consumption (up to and including 'infinite loop' behaviour). Vulnerable versions are 126.96.36.199 to 3.5.8 (inclusive), which are built with OpenSSL and configured for "SSL-Bump" decryption. This can be exploited remotely. Although there is one layer of authorization applied before this processing to check that the client is allowed to use the proxy, the check is considered generally weak.
Created attachment 1074919 [details]
Created squid tracking bugs for this issue:
Affects: fedora-all [bug 1264455]
I believe this was introduced via:
This code never made it into RHEL5, 6, or 7.
This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 5, 6, and 7.