FTP URLs cause Squid Web proxy to crash
Version 2.6.STABLE7 of the popular Squid Web proxy cache takes care of two vulnerabilities that could be used for denial-of-service attacks, among other things. Certain FTP URLs can be called to create a memory violation that brings down the proxy. Furthermore, extra long external ACL queues no longer trip up the new version of the proxy. The external_acl option, for instance, can be used in Squid to implement authentication interfaces for NT domains, among other things.
In addition, Squid now deletes its process ID properly so that the shutdown script no longer hangs. Finally, the restriction for the maximum number of IP connections now works if NTLM is used for authentication. According to the security advisory, it used to be possible to set up an account from any number of computers.
- Change log on version Stable7, report at Squid-Cache.org