Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 APP:PROXY:SQUID-WCCP-BO

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 APP

Keywords

 Squid WCCP Message Receive Buffer Overflow

Release Date

 2005/08/10

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

APP: Squid WCCP Message Receive Buffer Overflow


This signature detects malformed WCCP datagrams. A vulnerability exists in the way the Squid Web proxy processes Web Cache Communication Protocol (WCCP) messages. An overly long UDP datagram can trigger a buffer overflow. This vulnerability can be exploited to terminate the vulnerable product, causing a denial-of-service condition or it can be exploited for code execution.

Extended Description

The Squid proxy server is vulnerable to a remotely exploitable buffer-overflow vulnerability. The vulnerability resides in Squid's implementation of WCCP (web cache communication protocol), a UDP-based web cache management protocol. The condition is triggered when the server reads a packet that is larger than the size of the buffer allocated to store it. This can occur because 'recvfrom()' is passed an incorrect value for its 'len' argument.

Affected Products

  • Astaro Security Linux 2.0.0 16
  • Astaro Security Linux 2.0.0 23
  • Astaro Security Linux 2.0.0 24
  • Astaro Security Linux 2.0.0 25
  • Astaro Security Linux 2.0.0 26
  • Astaro Security Linux 2.0.0 27
  • Astaro Security Linux 2.0.0 30
  • Astaro Security Linux 3.2.0 00
  • Astaro Security Linux 3.2.0 10
  • Astaro Security Linux 3.2.0 11
  • Astaro Security Linux 3.2.0 12
  • Astaro Security Linux 3.2.0 15
  • Astaro Security Linux 3.2.0 16
  • Astaro Security Linux 3.217.0
  • Astaro Security Linux 4.0.0 08
  • Astaro Security Linux 4.0.0 16
  • Red Hat Fedora Core1
  • Red Hat Fedora Core2
  • Red Hat Linux 7.3.0 I386
  • Red Hat Linux 9.0.0 I386
  • SGI ProPack 3.0.0
  • Squid Web Proxy Cache 2.0.0 PATCH2
  • Squid Web Proxy Cache 2.1.0 PATCH2
  • Squid Web Proxy Cache 2.3.0 .STABLE4
  • Squid Web Proxy Cache 2.3.0 .STABLE5
  • Squid Web Proxy Cache 2.4.0
  • Squid Web Proxy Cache 2.4.0 .STABLE2
  • Squid Web Proxy Cache 2.4.0 .STABLE6
  • Squid Web Proxy Cache 2.4.0 .STABLE7
  • Squid Web Proxy Cache 2.5.0 .STABLE1
  • Squid Web Proxy Cache 2.5.0 .STABLE3
  • Squid Web Proxy Cache 2.5.0 .STABLE4
  • Squid Web Proxy Cache 2.5.0 .STABLE5
  • Squid Web Proxy Cache 2.5.0 .STABLE6
  • Squid Web Proxy Cache 2.5.0 .STABLE7
  • SuSE Linux 8.0.0
  • SuSE Linux 8.0.0 i386
  • SuSE Linux 8.1.0
  • SuSE Linux Personal 8.2.0
  • SuSE Linux Personal 9.0.0
  • SuSE Linux Personal 9.0.0 X86 64
  • SuSE Linux Personal 9.1.0
  • SuSE Linux Personal 9.2.0

References

  • BugTraq: 12432
  • CVE: CVE-2005-0211
  • URL: http://www.kb.cert.org/vuls/id/886006
  • URL: http://www.squid-cache.org/Advisories/SQUID-2005_3.txt

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out