RE: [squid-users] Squid and MS Proxy 2.0 Denial of service

Simply because Microsoft does not provide much details on this
vulnerability. Also starting about a week ago I noticed several "urlParse:
Illegal character in hostname" in the log for domain names containing either
! Or [] (From unsolicited HTML email messages). I was wondering if these
were attempts to exploit this vulnerability.

Eric.

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@squid-cache.org]
Sent: Monday, April 21, 2003 10:18 AM
To: Eric Galarneau; 'squid-users@squid-cache.org'
Subject: Re: [squid-users] Squid and MS Proxy 2.0 Denial of service

On Monday 21 April 2003 15.31, Eric Galarneau wrote:

> Could Squid also be vulnerable to the same DOS as MS proxy 2.0?
>
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/
>security/ bulletin/MS03-012.asp

What this describes is an internal bug in implementation of the SOCKS
component of MS proxy 2.0. It has no relation to Squid in any manner
that I can see.

Why do you ask?

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or firewall
appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com