Bug 166522 - CAN-2004-2480 squid access control bypass
Status: CLOSED WORKSFORME
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: squid
Version: 4.0
Hardware: All Linux
Priority: medium, Severity: low
Assigned To: Martin Stransky
Whiteboard: impact=low,reported=20050821,public=2...
Keywords: Security
Reported: 2005-08-22 16:17 EDT by Josh Bressers
Modified: 2007-11-30 17:07 EST
Doc Type: Bug Fix
Last Closed: 2005-08-29 05:59:37 EDT

Description Josh Bressers 2005-08-22 16:17:40 EDT
This issue was discovered by Nuno Costa:
http://archives.neohapsis.com/archives/bugtraq/2004-05/0070.html


Hello,

I'm not an expert in this area, but I work on an intranet that has
Squid/2.3.STABLE5 filtering all access to the internet.

So I don't have access to the internet directly, but I know that this proxy
allows access to specific web sites. So, in the past, if I use this:
http://urlwebsite_allowed.pt -> the vuln that is already discovered... I have
access to the website that I want...
But these days this vuln is now fixed, so...
in my tests I found this way to pass this proxy, using:
http://website_allowed.ptmy_url -> now I have access...
Using url.pt I can bypass the proxy and access the internet; I don't know how
far this could go!!
So I don't know if this is a bug from IE or just a simple bug from Squid.. ???
Can anyone tell what we have on our hands?
Comment 1 Josh Bressers 2005-08-22 16:18:57 EDT
This issue should also affect RHEL2.1 and RHEL3.
Comment 2 Martin Stransky 2005-08-23 09:24:05 EDT
It was reported against version 2.3 and it seems to affect only this version. I
can't reproduce it on version 2.4 or 2.5; I'm going to investigate it more...

Comment 3 Josh Bressers 2005-08-23 09:31:26 EDT
Martin,

There is a bit more information and more links in the CVE id:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2480

I spent some time yesterday looking for this issue in upstream, but didn't find
much. If it was fixed, it was done in a non-public manner.
Comment 4 Martin Stransky 2005-08-23 09:58:40 EDT
I went through it too. It seems to me that this bug disappeared when upstream
switched/rewrote code from 2.3 to 2.4. I spent today googling/searching and I
haven't found anything relevant either. I wrote to the original reporter and I'm
going to test the archaic 2.3 version...
Comment 5 Martin Stransky 2005-08-24 05:15:54 EDT
Unable to reproduce on the latest RHEL4, RHEL3, RHEL2.1, FC4 and FC3 + old squid
2.3.STABLE5. I tested it with Mozilla/Firefox/IE...
Comment 6 Martin Stransky 2005-08-29 05:59:37 EDT
The original reporter hasn't replied and I can't reproduce it, so I'm closing it
as WORKSFORME. Please reopen if you find more info...
