In association with heise online

17 January 2007, 14:43

FTP URLs cause Squid Web proxy to crash


Version 2.6.STABLE7 of the popular Squid Web proxy cache fixes two vulnerabilities that could be used for denial-of-service attacks, among other things. Requesting certain FTP URLs can trigger a memory violation that brings down the proxy. Furthermore, extra-long external ACL queues no longer trip up the new version of the proxy. The external_acl option can be used in Squid to implement, for instance, authentication interfaces for NT domains.

In addition, Squid now deletes its process ID properly so that the shutdown script no longer hangs. Finally, the restriction on the maximum number of IP connections now works when NTLM is used for authentication. According to the security advisory, it used to be possible to set up an account from any number of computers.
