Signature Detail

HTTP: Squid Proxy TRACE Request Remote Denial of Service

This signature detects attempts to exploit a known vulnerability against the Squid proxy server. Attackers can send a specially crafted "TRACE" request that can cause the process to restart.

Extended Description

Squid is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain TRACE requests. Successfully exploiting this issue allows remote attackers to crash the affected application, denying futher service to legitimate users. This issue affects version 2.6.

Affected Products

• Gentoo Linux
• Mandriva Corporate Server 3.0.0
• Mandriva Corporate Server 3.0.0 X86 64
• Mandriva Corporate Server 4.0
• Mandriva Corporate Server 4.0.0 X86 64
• Mandriva Linux Mandrake 2006.0.0
• Mandriva Linux Mandrake 2006.0.0 X86 64
• Mandriva Linux Mandrake 2007.0
• Mandriva Linux Mandrake 2007.0 X86 64
• Mandriva Multi Network Firewall 2.0.0
• Red Hat Enterprise Linux 5 Server
• Red Hat Enterprise Linux Desktop Workstation 5 Client
• Squid Web Proxy Cache 2.6
• SuSE openSUSE 10.2
• Turbolinux Appliance Server 1.0.0 Hosting Edition
• Turbolinux Appliance Server 1.0.0 Workgroup Edition
• Turbolinux Appliance Server 2.0
• Turbolinux Appliance Server Hosting Edition 1.0.0
• Turbolinux Appliance Server Workgroup Edition 1.0.0
• Turbolinux Turbolinux Server 10.0.0
• Turbolinux Turbolinux Server 10.0.0 X64
• Turbolinux Turbolinux Server 8.0.0
• Ubuntu Ubuntu Linux 6.10 Amd64
• Ubuntu Ubuntu Linux 6.10 I386
• Ubuntu Ubuntu Linux 6.10 Powerpc
• Ubuntu Ubuntu Linux 6.10 Sparc

References

• BugTraq: 23085
• CVE: CVE-2007-1560