Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:22679
HistoryOct 26, 2009 - 12:00 a.m.

squidGuard 1.3 & 1.4 : buffer overflow

2009-10-2600:00:00
vulners.com
46
JSON

Advisory

Date 2009-10-26
Program squidGuard
URL http://squidguard.org/
Found by Matthieu BOUTHORS

Application description

SquidGuard is a URL redirector used to use blacklists with the proxysoftware
Squid. There are two big advantages to squidguard: it is fast and it is free.
SquidGuard is published under GNU Public License.

Vulnerability description

Multiple buffer overflow can lead to filtering policy bypass and DoS.

The Common Vulnerabilities and Exposures (CVE) project has assigned
the name CVE-2009-3700 to this issue. This is a candidate for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.

Vulnerability details

The vulnerability is due to insecure buffer handling.

For instance in sgLog.c :

if(vsprintf(msg, format, ap) > (MAX_BUF - 1))

This piece of code may cause a buffer overflow and detects when it's too late.
squidGuard only logs URL with patched bypass attempts (for instance, trailing
dot or double dash, see http://www.squidguard.org/Doc/advisories.html).

MAX_BUF is 4096, squid does not allow URL greater than 4096 characters.
So in order to cause a buffer overflow, the attacker has to use an URL close to
4096 characters. A succesfull attackers would put squidGuard in emergency mode,
in this mode squidGuard approve each requests. A less succesfull attacker can
freeze the squidGuard instance, reproduct this attack can lead to a DoS.

Systems affected

squidGuard 1.3
squidGuard 1.4

Solution

Two patches has been released by the squidGuard team : Patch-20091015 and
Patch-20091019.

Related

openvas 13
prion 1
fedora 2
ubuntucve 1
securityvulns 1
cve 1
debiancve 1
nessus 6
debian 1
freebsd 1
openvas
openvas
Fedora Core 10 FEDORA-2009-10743 (squidGuard)
2009-11-11 00:00:00
Fedora Core 11 FEDORA-2009-10780 (squidGuard)
2009-11-11 00:00:00
Fedora Core 11 FEDORA-2009-10780 (squidGuard)
2009-11-11 00:00:00
prion
prion
Buffer overflow
2009-10-28 14:30:00
fedora
fedora
[SECURITY] Fedora 11 Update: squidGuard-1.4-8.fc11
2009-11-04 12:21:18
[SECURITY] Fedora 10 Update: squidGuard-1.4-8.fc10
2009-11-04 12:40:29
ubuntucve
ubuntucve
CVE-2009-3700
2009-10-28 00:00:00
securityvulns
securityvulns
squidGuard buffer overflows
2009-10-26 00:00:00
cve
cve
CVE-2009-3700
2009-10-28 14:30:00
debiancve
debiancve
CVE-2009-3700
2009-10-28 14:30:00
nessus
nessus
Mandriva Linux Security Advisory : squidGuard (MDVSA-2009:293-1)
2009-11-04 00:00:00
openSUSE Security Update : squidGuard (openSUSE-SU-2010:0460-1)
2010-08-03 00:00:00
openSUSE Security Update : squidGuard (openSUSE-SU-2010:0460-1)
2014-06-13 00:00:00
debian
debian
[SECURITY] [DSA 2040-1] New squidguard packages fix several vulnerabilities
2010-05-02 12:56:52
freebsd
freebsd
squidGuard -- multiple vulnerabilities
2009-10-15 00:00:00
JSON
Related for SECURITYVULNS:DOC:22679
openvas13prion1fedora2ubuntucve1securityvulns1cve1debiancve1nessus6debian1freebsd1