From Bugzilla Helper: User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.2.17-14enterprise i686) Description of problem: Squid has a known bug in 2.3STABLE4 which ignores acl's in httpd_accel mode. This enables portscanning via squid running in this mode potentially allowing How reproducible: Always Steps to Reproduce: 1.Set squid to httpd_accel mode, with a particular host and strict acl's 2. export httpd_proxy="http://squid-server:port" 3. lynx http://victim:22/ Actual Results: You get a http 200 code if the port is open and sometimes a response with some services SSH, SMTP, etc Expected Results: Should be access denied Additional info: RH 7.1 using squid-2.3.STABLE4-10 includes these patches
Created attachment 23087 [details] Exploit
Created attachment 23088 [details] Sample config file
Fixed in the errata release.