Yes. The patch was available before the information was made public.
http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE2-ftp_create_directory
Squid-2.4.STABLE3 and later is fixed.
Regards
Henrik Nordström
Squid Developer
On Monday 28 January 2002 11.22, Awie wrote:
> Hi all,
>
> I just read an article at SECURITY FOCUS web site about Squid Web
> Proxy Cache Denial of Service Vulnerability
>
> "A problem exists in the manner which Squid handles requests to
> make FTP directories on proxied services. An attacker who makes a
> specially crafted request via the Squid proxy will be able to cause
> a denial of service to the proxy.
>
> If affected with a denial of service then Squid must be restarted
> to regain normal functionality. "
>
>
> Is it already solved? Is there a patch already?
>
> Please advise.
>
> Thx & rgds,
>
> Awie
-- MARA Systems AB, Giving you basic free Squid support Customized solutions, packaged solutions and priority support available on requestReceived on Tue Feb 12 2002 - 21:53:04 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:14 MST