Signature Detail

APP: Squid Proxy HTCP Packet Processing Denial of Service

A denial of service vulnerability exists in Squid Proxy. The vulnerability is due to a NULL pointer dereference when processing specially crafted Hypertext Caching Protocol (HTCP) packets. Remote attackers can exploit this issue by sending a malicious HTCP request to the target server. Successful exploitation could terminate the affected server process abnormally and result in a denial of service condition.

Extended Description

Squid Web Proxy Cache is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

Affected Products

• Gentoo linux
• Mandriva corporate_server 4.0
• Mandriva corporate_server 4.0.0 X86 64
• Mandriva enterprise_server 5
• Mandriva enterprise_server 5 X86 64
• Mandriva linux_mandrake 2008.0
• Mandriva linux_mandrake 2008.0 X86 64
• Mandriva linux_mandrake 2009.0
• Mandriva linux_mandrake 2009.0 X86 64
• Mandriva linux_mandrake 2009.1
• Mandriva linux_mandrake 2009.1 X86 64
• Mandriva linux_mandrake 2010.0
• Mandriva linux_mandrake 2010.0 X86 64
• Red_hat fedora 12
• Red_hat fedora 13
• Squid web_proxy_cache 2.0.0 PATCH2
• Squid web_proxy_cache 2.1.0 PATCH2
• Squid web_proxy_cache 2.3.0 .STABLE4
• Squid web_proxy_cache 2.3.0 .STABLE5
• Squid web_proxy_cache 2.4.0
• Squid web_proxy_cache 2.4.0 .STABLE2
• Squid web_proxy_cache 2.4.0 .STABLE4
• Squid web_proxy_cache 2.4.0 .STABLE6
• Squid web_proxy_cache 2.4.0 .STABLE7
• Squid web_proxy_cache 2.5.0 .STABLE1
• Squid web_proxy_cache 2.5.0 .STABLE10
• Squid web_proxy_cache 2.5.0 .STABLE3
• Squid web_proxy_cache 2.5.0 .STABLE4
• Squid web_proxy_cache 2.5.0 .STABLE5
• Squid web_proxy_cache 2.5.0 .STABLE6
• Squid web_proxy_cache 2.5.0 .STABLE7
• Squid web_proxy_cache 2.5.0 .STABLE8
• Squid web_proxy_cache 2.5.0 .STABLE9
• Squid web_proxy_cache 2.5.STABLE11
• Squid web_proxy_cache 2.5.STABLE12
• Squid web_proxy_cache 2.5.STABLE13
• Squid web_proxy_cache 2.5.STABLE14
• Squid web_proxy_cache 2.6
• Squid web_proxy_cache 2.6.STABLE1
• Squid web_proxy_cache 2.6.STABLE12
• Squid web_proxy_cache 2.6.STABLE13
• Squid web_proxy_cache 2.6.STABLE14
• Squid web_proxy_cache 2.6.STABLE15
• Squid web_proxy_cache 2.6.STABLE16
• Squid web_proxy_cache 2.6.STABLE17
• Squid web_proxy_cache 2.6.STABLE18
• Squid web_proxy_cache 2.6.STABLE2
• Squid web_proxy_cache 2.6.STABLE3
• Squid web_proxy_cache 2.6.STABLE4
• Squid web_proxy_cache 2.6.STABLE5
• Squid web_proxy_cache 2.6.STABLE6
• Squid web_proxy_cache 2.6.STABLE7
• Squid web_proxy_cache 2.7
• Squid web_proxy_cache 2.7.STABLE5
• Squid web_proxy_cache 2.7.STABLE6
• Squid web_proxy_cache 3.0.0
• Squid web_proxy_cache 3.0.0 PRE1
• Squid web_proxy_cache 3.0.0 PRE2
• Squid web_proxy_cache 3.0.0 PRE3
• Squid web_proxy_cache 3.0.STABLE1
• Squid web_proxy_cache 3.0.STABLE12
• Squid web_proxy_cache 3.0.STABLE13
• Squid web_proxy_cache 3.0.STABLE16
• Squid web_proxy_cache 3.0.STABLE17
• Squid web_proxy_cache 3.0.STABLE2
• Squid web_proxy_cache 3.0.STABLE21
• Squid web_proxy_cache 3.0.STABLE22
• Squid web_proxy_cache 3.0.STABLE23
• Squid web_proxy_cache 3.0.STABLE3
• Squid web_proxy_cache 3.0.STABLE4
• Squid web_proxy_cache 3.0.STABLE5
• Squid web_proxy_cache 3.0.STABLE6
• Squid web_proxy_cache 3.0.STABLE7
• Ubuntu ubuntu_linux 8.04 LTS Amd64
• Ubuntu ubuntu_linux 8.04 LTS I386
• Ubuntu ubuntu_linux 8.04 LTS Lpia
• Ubuntu ubuntu_linux 8.04 LTS Powerpc
• Ubuntu ubuntu_linux 8.04 LTS Sparc
• Ubuntu ubuntu_linux 8.10 Amd64
• Ubuntu ubuntu_linux 8.10 I386
• Ubuntu ubuntu_linux 8.10 Lpia
• Ubuntu ubuntu_linux 8.10 Powerpc
• Ubuntu ubuntu_linux 8.10 Sparc
• Ubuntu ubuntu_linux 9.04 Amd64
• Ubuntu ubuntu_linux 9.04 I386
• Ubuntu ubuntu_linux 9.04 Lpia
• Ubuntu ubuntu_linux 9.04 Powerpc
• Ubuntu ubuntu_linux 9.04 Sparc
• Ubuntu ubuntu_linux 9.10 Amd64
• Ubuntu ubuntu_linux 9.10 I386
• Ubuntu ubuntu_linux 9.10 Lpia
• Ubuntu ubuntu_linux 9.10 Powerpc
• Ubuntu ubuntu_linux 9.10 Sparc

References

• BugTraq: 38212
• CVE: CVE-2010-0639