Red Hat Bugzilla – Bug 452467
squidGuard: "trailing dot" domain access restriction bypass
Last modified: 2010-03-22 11:39:50 EDT
squidGuard upstream published security advisory regarding domain access
restriction bypass affecting systems with squid 3.0:
By adding a trailing dot to the domain it is possible to bypass the filter and
access blocked sites.
This only affects people using squidGuard with squid version 3.0 STABLE1 to
STABLE5 (higher version may be affected as well; in any case, if you are running
squid 3.0 make sure to patch). Squid version 2.6 is known to remove trailing
dots from domains before passing the URLs to squidGuard.
See upstream advisory for patch details.
Squid 3.0 is currently shipped in Fedora 9 and Rawhide. Fedora 8 still ships
squid 2.6 and shouldn't be affected by this issue.
1.2.1-2 with this patched on it's way through bodhi.