Описание
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| squid | fixed | 4.1-1 | package | |
| squid | no-dsa | wheezy | package | |
| squid | no-dsa | squeeze | package | |
| squid3 | fixed | 3.5.6-1 | package |
Примечания
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13856.patch (3.5)
http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13225.patch (3.4)
http://www.squid-cache.org/Advisories/SQUID-2015_2.txt
https://www.openwall.com/lists/oss-security/2015/07/06/8
In squeeze's squid3 the code is structured differently but the bug still appears to be present.
For squid 2.x all versions are affected, cf. comment by upstream in
https://bugs.debian.org/793128#12
Связанные уязвимости
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
Уязвимость прокси-сервера Squid, позволяющая нарушителю обойти существующие ограничения и получить доступ к серверу