Plugin ID | 321 |
Plugin name | Squid prior 2.5.STABLE7 Web Proxy Cache Remote Denial of Service Vulnerability |
Plugin filename | Squid prior 2.5.STABLE7 Web Proxy Cache Remote Denial of Service Vulnerability.plugin |
Plugin filesize | 2670 bytes |
Plugin family | Denial of Service |
Plugin created name | David Nester |
Plugin created email | david at icrew dot org |
Plugin created web | http://www.icrew.org |
Plugin created company | iCrew Security |
Plugin created date | 2004/12/5 |
Plugin version | 1.1 |
Plugin protocol | tcp |
Plugin port | 3128 |
Plugin procedure detection | open|send HEAD / HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/#.# ### *squid/2.5.STABLE* |
Plugin detection accuracy | 80 |
Plugin comment | This plugin was written with the ATK Attack Editor. |
Bug published name | Anonymous |
Bug published web | |
Bug published date | 2004/10/11 |
Bug produced name | Squid Web Proxy |
Bug produced web | http://www.squid-cache.org/ |
Bug not affected | Other versions or solutions |
Bug vulnerability class | Denial Of Service |
Bug description | Squid is a popular Unix-based web proxy. A denial-of-service condition has been disclosed in the SNMP component of Squid that could allow a remote attacker to crash the service by sending a malicious UDP packet. The problem occurs in the code that parses ASN.1 data. Due to a programming error, it is possible under certain circumstances to pass a negative value for a field length specifier, causing the service to abort. Note that Squid must be compiled with SNMP support to be vulnerable. |
Bug solution | Download the latest release from the vendor. http://www.squid-cache.org/ |
Bug fixing time | Approx. 2 hours |
Bug exploit availability | No |
Bug remote | Yes |
Bug local | No |
Bug severity | Low |
Bug popularity | 1 |
Bug simplicity | 2 |
Bug impact | 7 |
Bug risk | 2 |
Source CVE | CAN-2004-0918 |
Source ISS X-Force ID | 17688 |
Source RedHat Security Advisory ID | RHSA-2004-591 |
Source Literature | Hacking Intern - Angriffe, Strategien, Abwehr, Marc Ruef, Marko Rogge, Uwe Velten and Wolfram Gieseke, November 1, 2002, Data Becker, Düsseldorf, ISBN 381582284X |
Source Misc. | http://www.squid-cache.org/ |