Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 SNMP:SQUID-PROXY-ASN1-OF

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 SNMP

Keywords

 Squid SNMP Proxy ASN.1 Parser Overflow

Release Date

 2004/11/17

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

SNMP: Squid SNMP Proxy ASN.1 Parser Overflow


This signature detects attempts to exploit a known vulnerability against a Squid proxy server, used to proxy Simple Network Management Protocol (SNMP). Because the ASN.1 parser improperly handles large values, attackers can send an overly large ASN.1 value (within a maliciously crafted SNMP packet) to overflow the buffer and crash the server process.

Extended Description

Squid is prone to a denial-of-service vulnerability in its SNMP ASN.1 parser. SNMP support is not enabled by default as provided by the vendor, but may be enabled by default when Squid is included as a binary application in certain unconfirmed operating systems. This vulnerability allows remote attackers to crash affected Squid proxies with single UDP datagrams that may be spoofed. Squid will attempt to restart itself automatically, but an attacker sending repeated malicious SNMP packets can effectively deny service to legitimate users. Squid 2.5-STABLE6 and earlier, as well as 3.0-PRE3-20040702, are reported vulnerable.

Affected Products

  • Conectiva Linux 10.0.0
  • Conectiva Linux 9.0.0
  • Gentoo Linux
  • OpenPKG 2.1.0
  • OpenPKG 2.2.0
  • OpenPKG Current
  • Red Hat Fedora 9
  • Red Hat Fedora Core1
  • Red Hat Fedora Core2
  • Red Hat Linux 7.3.0 I386
  • Red Hat Linux 9.0.0 I386
  • SCO Unixware 7.1.4
  • Squid Web Proxy Cache 2.0.0 PATCH2
  • Squid Web Proxy Cache 2.1.0 PATCH2
  • Squid Web Proxy Cache 2.3.0 .STABLE4
  • Squid Web Proxy Cache 2.3.0 .STABLE5
  • Squid Web Proxy Cache 2.4.0
  • Squid Web Proxy Cache 2.4.0 .STABLE2
  • Squid Web Proxy Cache 2.4.0 .STABLE6
  • Squid Web Proxy Cache 2.4.0 .STABLE7
  • Squid Web Proxy Cache 2.5.0 .STABLE1
  • Squid Web Proxy Cache 2.5.0 .STABLE3
  • Squid Web Proxy Cache 2.5.0 .STABLE4
  • Squid Web Proxy Cache 2.5.0 .STABLE5
  • Squid Web Proxy Cache 2.5.0 .STABLE6
  • Squid Web Proxy Cache 3.0.0
  • Squid Web Proxy Cache 3.0.0 PRE1
  • Squid Web Proxy Cache 3.0.0 PRE2
  • Squid Web Proxy Cache 3.0.0 PRE3
  • Squid Web Proxy Cache 3.0.STABLE1
  • Squid Web Proxy Cache 3.0.STABLE2
  • Squid Web Proxy Cache 3.0.STABLE3
  • Squid Web Proxy Cache 3.0.STABLE4
  • Squid Web Proxy Cache 3.0.STABLE5
  • Squid Web Proxy Cache 3.0.STABLE6
  • SuSE openSUSE 11.0
  • Trustix Secure Enterprise Linux 2.0.0
  • Trustix Secure Linux 1.5.0
  • Trustix Secure Linux 2.0.0
  • Trustix Secure Linux 2.1.0
  • Ubuntu Ubuntu Linux 4.1.0 Ia32
  • Ubuntu Ubuntu Linux 4.1.0 Ia64
  • Ubuntu Ubuntu Linux 4.1.0 Ppc

References

  • BugTraq: 11385
  • CVE: CVE-2004-0918
  • URL: http://www.squid-cache.org/Advisories/SQUID-2004_3.txt

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out