[squid-users] RE: Advisory SQUID-2010:2 - Remote Denial of Service issue in HTCP

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 16 Feb 2010 09:44:57 +1300

On Mon, 15 Feb 2010 09:19:40 -0800, Andy Litzinger
<Andy.Litzinger_at_theplatform.com> wrote:
> Does the HTCP port have to be open towards the attacker or can the
> attacker exploit the bug through a squid listening port? i.e. If I have a
> firewall in front of squid (reverse proxy) that only allows port 80/443 in
> from the web and HTCP is bound to some other port am I at risk from
> attackers outside my firewall?

As long as the attacker can get a packet into the HTCP listener port they
can crash Squid.

NP: that differs from the http_port.

A firewall that prevents external access to the HTCP port drops the severity.
But it might still be exploited by internal machines, so it is still
vulnerable.

Also note, Squid passes these messages on _unchanged_ to its peers
regardless of its own handling, so making one gateway Squid immune does not
protect those behind it.

Amos
Received on Mon Feb 15 2010 - 20:45:02 MST
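The mitigation Amos describes is a firewall in front of the HTCP listener rather than anything inside Squid, and it has to be applied on every Squid in the mesh, since a gateway Squid forwards HTCP messages on unchanged. The script below is an added example (not from the original post or the Squid project) that generates host-firewall rules accepting HTCP datagrams only from a list of known peers and dropping everything else. It assumes Squid listens on the registered HTCP default of 4827/udp (the `htcp_port` setting in squid.conf) and that the host uses iptables; the peer addresses are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the original post or the Squid project): generate
# host-firewall rules that accept HTCP datagrams only from a known peer list.
# Assumptions: Squid's HTCP listener uses the registered default 4827/udp
# (set by htcp_port in squid.conf) and the host uses iptables.

HTCP_PORT=4827

# Emit iptables rules (to stdout) for the given port and peer addresses.
# Nothing is applied here; review the output, then pipe it to sh as root.
htcp_rules() {
    port="$1"; shift
    for peer in "$@"; do
        printf 'iptables -A INPUT -p udp --dport %s -s %s -j ACCEPT\n' "$port" "$peer"
    done
    # Final deny: any other host that can reach the listener can still crash
    # Squid, so drop everything that is not an explicit peer.
    printf 'iptables -A INPUT -p udp --dport %s -j DROP\n' "$port"
}

# Count how many ACCEPT rules a rule set grants, as a sanity check that the
# peer list is the intended one before applying it.
accept_count() {
    htcp_rules "$@" | grep -c -- '-j ACCEPT'
}

# Constructed sample peer list (RFC 5737 documentation addresses).
htcp_rules "$HTCP_PORT" 192.0.2.10 192.0.2.11
```

Run the generated rules on the gateway Squid and on each internal Squid it peers with; restricting only the gateway leaves the peers behind it reachable by any internal host that can send to their HTCP port.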
