Red Hat Bugzilla – Bug 170410
CAN-2005-2794 -2917 squid multiple vulnerabilities
Last modified: 2007-04-18 13:32:44 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20050729 Netscape/126.96.36.199
Description of problem:
05.19.16 CVE: Not Available
Title: Squid Proxy Unspecified DNS Spoofing
Description: Squid Proxy is a freely available, open source web proxy
software package. Squid Proxy is affected by an unspecified DNS
spoofing vulnerability. Squid Proxy versions 2.5 and earlier are known
to be vulnerable.
(2) MODERATE: Multiple Vendor HTTP Request Smuggling
Configurations involving a number of popular web proxy/cache servers and
web application firewalls
Description: A new attack technique named "HTTP Request Smuggling" has
been reported to affect configurations that involve one or more web
entities (i.e. a web proxy server, a web cache server or a web
application firewall) between a user and a web server. The attack can
be carried out by crafting back-to-back HTTP requests that are
interpreted differently by the web entities. For example, if an HTTP
request is crafted with two distinct HTTP "Content-Length" headers, the
two web entities may process the same request by honoring either the
first or the last "Content-Length" header. The discoverers have shown
how an attacker can exploit such behaviors by crafting HTTP requests
that may result in web cache poisoning, bypassing the web firewall,
cross-site scripting (requiring no user interaction) or session
hijacking. The vulnerable example configurations listed in the
discoverers' posting include Sun ONE proxy server, Sun ONE webserver,
CheckPoint Firewall, Microsoft IIS server, Microsoft ISA server, Apache,
Jakarta Tomcat server, IBM WebSphere, BEA WebLogic, Oracle9iAS, Squid,
Delegate and Oracle WebCache.
Status: Squid and CheckPoint have distributed patches. The status
regarding other vendors is not currently known.
Council Site Actions: Two council sites are still evaluating if they are
vulnerable. One site has already patched their system.
05.23.14 CVE: Not Available
Platform: Cross Platform
Title: Multiple Vendor Multiple HTTP Request Smuggling
Description: Multiple vendors are prone to a new class of attack named
"HTTP Request Smuggling". This class of attack basically revolves
around piggybacking a HTTP request inside of another HTTP request. By
leveraging failures to implement the HTTP/1.1 RFC properly, it is
demonstrated that this class of attack may result in cache poisoning,
cross-site scripting, session hijacking and other attacks. Reports
indicate that Microsoft IIS 5.0 is affected.
05.37.15 CVE: CAN-2005-2794
Title: Squid Proxy Aborted Requests Remote Denial of Service
Description: Squid Proxy is a freely available, open source Web proxy
software package. A remote denial of service vulnerability affects the
Squid Proxy. This issue is due to a failure of the application to
properly handle exceptional network requests. A remote attacker may
leverage this issue to crash the affected Squid Proxy, denying service
to legitimate users.
05.40.12 CVE: CAN-2005-2917
Title: Squid Proxy Client NTLM Authentication Denial of Service
Description: Squid Proxy is a web proxy software package. It is
reported to be vulnerable to a denial of service issue. The issue
presents itself when proxy handles certain NTLM request sequences.
Squid Web Proxy Cache version 2.5 .STABLE9 is reported to be
Version-Release number of selected component (if applicable):
Please see attachment #120495 [details] for a listing of all CVE's covered by Bug #152809
and new bugs that we can deal with in this bug report. This attachment is
introduced in bug 152809 comment 12.
Wow...that's great work David. Thanks.
Where do we go from here? Is bug 152809 released?
Let's track this in 152809.
*** This bug has been marked as a duplicate of 152809 ***