VID 22253
Severity 30
Port 8080,3128
Protocol TCP
Class Webproxy
Detailed Description The Squid caching proxy, according to its reported version number, is affected by an access control bypass triggered by an encoded NULL (%00) character.
Squid is a freely available caching web proxy for Unix and Linux systems. Squid Web Proxy Cache versions 2.5.STABLE4 and earlier allow a remote attacker to bypass Access Control Lists (ACLs). By sending a request whose URL carries a malformed username containing the %00 (null) character, the attacker can evade url_regex ACLs and reach otherwise restricted resources.
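The following is a simplified model of the bypass described above, added here for illustration; it is not Squid's code and does not claim to reproduce Squid's internals. It assumes the reported behaviour (the URL is percent-decoded into a NUL-terminated buffer before the url_regex check, so the regex only sees the part before %00, while the connection is still made to the host after the '@'), and uses a constructed deny rule and constructed URLs.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed url_regex-style deny rule: anything mentioning blocked.example
DENY_URL_REGEX = re.compile(r"blocked\.example", re.IGNORECASE)


def c_string(s: str) -> str:
    """Model C string handling: everything after the first NUL is invisible."""
    nul = s.find("\x00")
    return s if nul < 0 else s[:nul]


def acl_denies_vulnerable(url: str) -> bool:
    """Model of the 2.5.STABLE4-and-earlier behaviour (assumed, see lead-in):
    percent-decode first, then regex-match the resulting C string.
    A %00 in the username truncates what the regex sees."""
    decoded = c_string(unquote(url))
    return DENY_URL_REGEX.search(decoded) is not None


def acl_denies_fixed(url: str) -> bool:
    """Hardened model: a decoded NUL is never legitimate in a URL, so refuse
    the request outright; otherwise match against the full decoded text."""
    decoded = unquote(url)
    if "\x00" in decoded:
        return True
    return DENY_URL_REGEX.search(decoded) is not None


def request_host(url: str) -> str:
    """The host the proxy would actually connect to: the authority after '@'."""
    return urlsplit(url).hostname or ""


if __name__ == "__main__":
    plain = "http://blocked.example/secret"
    evasion = "http://user%00@blocked.example/secret"
    for u in (plain, evasion):
        print(f"{u!r}: vulnerable denies={acl_denies_vulnerable(u)}, "
              f"fixed denies={acl_denies_fixed(u)}, host={request_host(u)}")
```

The evasion URL is denied by the hardened check but slips past the vulnerable one, even though both would fetch from blocked.example; that gap between "what the ACL matched" and "what the proxy requested" is the whole vulnerability.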

* Note: This check relies solely on the version number reported by the remote Squid proxy to assess this vulnerability, so it may be a false positive; in particular, vendor packages that backport the fix while keeping an older upstream version string (such as the Red Hat and Debian updates listed below) will still be flagged.
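The version test this check performs, written out as an added example (not the scanner's own code): it parses the "squid/<version>" tag that Squid places in the Via header and compares it against the 2.x to 2.5.STABLE4 range named above. The Via header lines are constructed samples; the ordering assumption that PRE/RC tags on the 2.5 branch precede STABLE1 is mine.

```python
import re

# Squid's version tag as it appears in the Via header, e.g. "squid/2.5.STABLE4"
VERSION_RE = re.compile(
    r"squid/(\d+)\.(\d+)\.(STABLE|RC|PRE|DEVEL)?(\d+)", re.IGNORECASE
)


def parse_squid_version(header_value: str):
    """Return (major, minor, tag, number) or None if no squid tag is present."""
    m = VERSION_RE.search(header_value)
    if not m:
        return None
    major, minor, tag, number = m.groups()
    return int(major), int(minor), (tag or "").upper(), int(number)


def is_vulnerable_by_version(header_value: str) -> bool:
    """Version-only test for the 2.x to 2.5.STABLE4 range.

    Exactly like the scanner check, this cannot see backported fixes:
    a patched distribution package that still announces 2.4.STABLE6 or
    2.5.STABLE1 is reported as vulnerable."""
    v = parse_squid_version(header_value)
    if v is None:
        return False
    major, minor, tag, number = v
    if (major, minor) < (2, 5):
        return True                 # any 2.x release before the 2.5 branch
    if (major, minor) > (2, 5):
        return False                # 2.6 and later, 3.x
    if tag != "STABLE":
        return True                 # assumption: 2.5 PRE/RC predate STABLE1
    return number <= 4              # 2.5.STABLE4 and earlier


if __name__ == "__main__":
    # Constructed Via headers as a Squid proxy would emit them
    samples = [
        "1.0 proxy.example:3128 (squid/2.5.STABLE4)",
        "1.0 proxy.example:3128 (squid/2.5.STABLE5)",
        "1.0 proxy.example:3128 (squid/2.4.STABLE6)",   # Debian woody package
        "1.0 proxy.example:8080 (squid/3.0.STABLE1)",
    ]
    for via in samples:
        print(f"{via}: vulnerable={is_vulnerable_by_version(via)}")
```

The third sample shows the false-positive case from the note: the Debian woody package that carries the fix still reports 2.4.STABLE6 and is flagged, so a hit from this check should be confirmed against the installed package version before it is treated as a finding.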

* References:
http://marc.theaimsgroup.com/?l=bugtraq&m=108075225114097&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=108084935904110&w=2
http://www.securitytracker.com/alerts/2004/Mar/1009267.html

* Platforms Affected:
National Science Foundation Squid Web Proxy Cache 2.x to 2.5.STABLE4
Debian Linux 3.0
Red Hat Linux 9
Unix Any version
Linux Any version
Recommendation Upgrade to the latest version of Squid (2.5.STABLE5 or later), as listed in the Squid Proxy Cache Security Update Advisory SQUID-2004:1 at http://www.squid-cache.org/Advisories/SQUID-2004_1.txt

For Red Hat Linux 9:
Upgrade to the latest version of squid (2.5.STABLE1-3.9 or later), as listed in Red Hat Security Advisory RHSA-2004:134-01 at http://www.linuxsecurity.com/advisories/redhat_advisory-4162.html

For Debian/GNU Linux 3.0 (woody):
Upgrade to the latest version of squid (2.4.6-2woody2 or later), as listed in Debian Security Advisory DSA-474-1 at http://www.debian.org/security/2004/dsa-474

For OpenPKG:
Upgrade to the latest Squid package, as listed in OpenPKG Security Advisory OpenPKG-SA-2004.008 at http://www.openpkg.org/security/OpenPKG-SA-2004.008-squid.html

For other distributions:
Contact your vendor for upgrade or patch information.
Related URL CVE-2004-0189 (CVE)
Related URL 9778 (SecurityFocus)
Related URL 15366 (ISS)