Vigil@nce - Squid cache: denial of service via HTTP Port
July 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send an HTTP query with a malformed port number,
in order to trigger a denial of service in Squid cache.
Impacted products: Squid
Severity: 2/4
Creation date: 15/07/2013
DESCRIPTION OF THE VULNERABILITY
A web service can listen on a port different from 80. In this
case, the port number is indicated in the HTTP Host header. For
example:
Host: server:81
The client_side_request.cc file of Squid detects the port number,
and calls the xatoi() function to convert it to an integer.
However, if the port number is not an integer, xatoi() returns
zero. The usage of the port zero then triggers a fatal error.
An attacker can therefore send an HTTP query with a malformed port
number, in order to trigger a denial of service in Squid cache.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Squid-cache-denial-of-service-via-HTTP-Port-13114