Friday Squid Blogging: Vulnerabilities in Squid Server
It’s always nice when I can combine squid and security:
Multiple versions of the Squid web proxy cache server built with Basic Authentication features are currently vulnerable to code execution and denial-of-service (DoS) attacks triggered by the exploitation of a heap buffer overflow security flaw.
The vulnerability present in Squid 4.0.23 through 4.7 is caused by incorrect buffer management which renders vulnerable installations to “a heap overflow and possible remote code execution attack when processing HTTP Authentication credentials.”
“When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data,” says MITRE’s description of the vulnerability. “Squid does not check that the decoded length isn’t greater than the buffer, leading to a heap-based buffer overflow with user controlled data.”
The flaw was patched by the web proxy’s development team with the release of Squid 4.8 on July 9.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
Dancing On Thin Ice • August 23, 2019 7:12 PM
A website’s guestbook is getting heavy spam.
CAPTCHA is being bypassed and I’ve notified a budget hosting company that their backend must have been compromized.
I added a nonsense field using their guestbook form generator but that code was never used on the website
Bad posts with web links to Яussian sites stand out from legitimate comments because they include the phony field filled in.
It’s a budget plan of just editing html so CSS hides new posts until there’s time to review for any legit posts.
Not naming them to give them a chance to respond to the info provided to them.