Bug 76550 - [Maintainer/security] www/squid: protect against HTTP resonse split attack and other patches
Summary: [Maintainer/security] www/squid: protect against HTTP resonse split attack an...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-ports-bugs (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-01-21 18:40 UTC by Thomas-Martin Seck
Modified: 2005-01-22 09:35 UTC (History)
1 user (show)

See Also:


Attachments
file.diff (1.61 KB, patch)
2005-01-21 18:40 UTC, Thomas-Martin Seck
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas-Martin Seck 2005-01-21 18:40:28 UTC
Integrate vendor patches as published on
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:

- FTP data connection fails on some FTP servers when requesting a directory
  without a trailing slash (squid bug #1194)

- Icons fail to load on non-anonymous FTP when using the short_icons_url
  configuration directive (squid bug #1203)

- Strengthen squid against HTTP response splitting cache pollution attacks
  (squid bug #1200), classified as security issue by the vendor

Proposed VuXML information, entry date left to be filled in:

(Note: I added only a publically accessible link to the Sanctum, Inc.
whitepaper, the squid bug tracker contains a deep link to the PDF
itself; if we are allowed to publish it, it could instead be used as
reference because Sanctum, Inc. wants you to register with them before
you get access to their whitepapers.)

<vuln vid="4e4bd2c2-6bd5-11d9-9e1e-c296ac722cb3">
  <topic>squid -- HTTP response splitting cache pollution attack</topic>
  <affects>
    <package>
	<name>squid</name>
	<range><lt>2.5.7_8</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
	<p>According to a whitepaper published by Sanctum, Inc., it
	  is possible to mount cache poisoning attacks against, among others,
	  squid proxies by inserting false replies into the HTTP stream.</p>
	<p>The squid patches page notes:</p>
	<blockquote cite="http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting">
	  <p>This patch additionally strengthens Squid from the HTTP response
	    attack described by Sanctum.</p>
	</blockquote>
    </body>
  </description>
  <references>
    <url>http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting</url>
    <url>http://www.squid-cache.org/bugs/show_bug.cgi?id=1200</url>
    <url>https://www.watchfire.com/securearea/whitepapers.aspx?id=8</url>
  </references>
  <dates>
    <discovery>2004-03-01</discovery>
    <entry></entry>
  </dates>
</vuln>

Fix: Apply this patch:
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2005-01-22 09:35:21 UTC
State Changed
From-To: open->closed

Committed, thanks!