Signature Detail

APP: Squid Proxy HTCP Packet Processing Denial of Service

A denial of service vulnerability exists in Squid Proxy. The vulnerability is due to a NULL pointer dereference when processing specially crafted Hypertext Caching Protocol (HTCP) packets. Remote attackers can exploit this issue by sending a malicious HTCP request to the target server. Successful exploitation could terminate the affected server process abnormally and result in a denial of service condition.

Extended Description

Squid Web Proxy Cache is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

Affected Products

• Gentoo Linux
• Mandriva Corporate Server 4.0
• Mandriva Corporate Server 4.0.0 X86 64
• Mandriva Enterprise Server 5
• Mandriva Enterprise Server 5 X86 64
• Mandriva Linux Mandrake 2008.0
• Mandriva Linux Mandrake 2008.0 X86 64
• Mandriva Linux Mandrake 2009.0
• Mandriva Linux Mandrake 2009.0 X86 64
• Mandriva Linux Mandrake 2009.1
• Mandriva Linux Mandrake 2009.1 X86 64
• Mandriva Linux Mandrake 2010.0
• Mandriva Linux Mandrake 2010.0 X86 64
• Red Hat Fedora 12
• Red Hat Fedora 13
• Squid Web Proxy Cache 2.0.0 PATCH2
• Squid Web Proxy Cache 2.1.0 PATCH2
• Squid Web Proxy Cache 2.3.0 .STABLE4
• Squid Web Proxy Cache 2.3.0 .STABLE5
• Squid Web Proxy Cache 2.4.0
• Squid Web Proxy Cache 2.4.0 .STABLE2
• Squid Web Proxy Cache 2.4.0 .STABLE4
• Squid Web Proxy Cache 2.4.0 .STABLE6
• Squid Web Proxy Cache 2.4.0 .STABLE7
• Squid Web Proxy Cache 2.5.0 .STABLE1
• Squid Web Proxy Cache 2.5.0 .STABLE10
• Squid Web Proxy Cache 2.5.0 .STABLE3
• Squid Web Proxy Cache 2.5.0 .STABLE4
• Squid Web Proxy Cache 2.5.0 .STABLE5
• Squid Web Proxy Cache 2.5.0 .STABLE6
• Squid Web Proxy Cache 2.5.0 .STABLE7
• Squid Web Proxy Cache 2.5.0 .STABLE8
• Squid Web Proxy Cache 2.5.0 .STABLE9
• Squid Web Proxy Cache 2.5.STABLE11
• Squid Web Proxy Cache 2.5.STABLE12
• Squid Web Proxy Cache 2.5.STABLE13
• Squid Web Proxy Cache 2.5.STABLE14
• Squid Web Proxy Cache 2.6
• Squid Web Proxy Cache 2.6.STABLE1
• Squid Web Proxy Cache 2.6.STABLE12
• Squid Web Proxy Cache 2.6.STABLE13
• Squid Web Proxy Cache 2.6.STABLE14
• Squid Web Proxy Cache 2.6.STABLE15
• Squid Web Proxy Cache 2.6.STABLE16
• Squid Web Proxy Cache 2.6.STABLE17
• Squid Web Proxy Cache 2.6.STABLE18
• Squid Web Proxy Cache 2.6.STABLE2
• Squid Web Proxy Cache 2.6.STABLE3
• Squid Web Proxy Cache 2.6.STABLE4
• Squid Web Proxy Cache 2.6.STABLE5
• Squid Web Proxy Cache 2.6.STABLE6
• Squid Web Proxy Cache 2.6.STABLE7
• Squid Web Proxy Cache 2.7
• Squid Web Proxy Cache 2.7.STABLE5
• Squid Web Proxy Cache 2.7.STABLE6
• Squid Web Proxy Cache 3.0.0
• Squid Web Proxy Cache 3.0.0 PRE1
• Squid Web Proxy Cache 3.0.0 PRE2
• Squid Web Proxy Cache 3.0.0 PRE3
• Squid Web Proxy Cache 3.0.STABLE1
• Squid Web Proxy Cache 3.0.STABLE12
• Squid Web Proxy Cache 3.0.STABLE13
• Squid Web Proxy Cache 3.0.STABLE16
• Squid Web Proxy Cache 3.0.STABLE17
• Squid Web Proxy Cache 3.0.STABLE2
• Squid Web Proxy Cache 3.0.STABLE21
• Squid Web Proxy Cache 3.0.STABLE22
• Squid Web Proxy Cache 3.0.STABLE23
• Squid Web Proxy Cache 3.0.STABLE3
• Squid Web Proxy Cache 3.0.STABLE4
• Squid Web Proxy Cache 3.0.STABLE5
• Squid Web Proxy Cache 3.0.STABLE6
• Squid Web Proxy Cache 3.0.STABLE7
• Ubuntu Ubuntu Linux 8.04 LTS Amd64
• Ubuntu Ubuntu Linux 8.04 LTS I386
• Ubuntu Ubuntu Linux 8.04 LTS Lpia
• Ubuntu Ubuntu Linux 8.04 LTS Powerpc
• Ubuntu Ubuntu Linux 8.04 LTS Sparc
• Ubuntu Ubuntu Linux 8.10 Amd64
• Ubuntu Ubuntu Linux 8.10 I386
• Ubuntu Ubuntu Linux 8.10 Lpia
• Ubuntu Ubuntu Linux 8.10 Powerpc
• Ubuntu Ubuntu Linux 8.10 Sparc
• Ubuntu Ubuntu Linux 9.04 Amd64
• Ubuntu Ubuntu Linux 9.04 I386
• Ubuntu Ubuntu Linux 9.04 Lpia
• Ubuntu Ubuntu Linux 9.04 Powerpc
• Ubuntu Ubuntu Linux 9.04 Sparc
• Ubuntu Ubuntu Linux 9.10 Amd64
• Ubuntu Ubuntu Linux 9.10 I386
• Ubuntu Ubuntu Linux 9.10 Lpia
• Ubuntu Ubuntu Linux 9.10 Powerpc
• Ubuntu Ubuntu Linux 9.10 Sparc

References

• BugTraq: 38212
• CVE: CVE-2010-0639