Vigil@nce - Squid: denial of service via ssl_bump
March 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send an HTTP+SSL query with the Range header to a
Squid proxy configured with ssl_bump, in order to stop it.
– Impacted products: Squid
– Severity: 2/4
– Creation date: 11/03/2014
DESCRIPTION OF THE VULNERABILITY
The ssl_bump feature asks Squid to act as a Man-in-the-Middle, in
order to decrypt SSL/TLS sessions.
The HTTP Range header is used to obtain a range of a web document.
However, when Squid decrypts an SSL session in which the request
carries the Range header, it generates an error too soon, and
triggers an assertion.
An attacker can therefore send an HTTP+SSL query with the Range
header to a Squid proxy configured with ssl_bump, in order to stop
it.
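Added example (not part of the Vigil@nce bulletin or of Squid itself): since only proxies that decrypt traffic with ssl_bump are affected, this Python check reports whether a squid.conf has both a listening port carrying the ssl-bump flag and an ssl_bump rule whose action decrypts. The sample configuration, file paths and function names are constructed for illustration; include files are not followed, and affected versions are not checked because this page does not list them.

```python
# Added example: exposure check for SSL bumping in a squid.conf text.
# Assumption: an ssl_bump action outside NON_DECRYPTING may decrypt.
NON_DECRYPTING = {"none", "deny", "splice", "terminate"}
PORT_FLAGS = {"ssl-bump", "sslbump"}  # "sslBump" is the older spelling

# Constructed sample configuration (not taken from the bulletin).
SAMPLE_CONF = """\
# http_port 3128 ssl-bump cert=/etc/squid/old.pem
http_port 3128
http_port 3129 ssl-bump cert=/etc/squid/ca.pem
acl internal dstdomain .corp.example
ssl_bump none internal
ssl_bump server-first all
"""


def active_directives(text):
    """Yield (line_number, tokens) for lines that are not blank or comments."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            yield lineno, line.split()


def ssl_bump_exposure(text):
    """Return bump-enabled ports, decrypting rules and an overall verdict."""
    ports, rules = [], []
    for lineno, tok in active_directives(text):
        if tok[0] in ("http_port", "https_port") and len(tok) > 1:
            if any(t.lower() in PORT_FLAGS for t in tok[2:]):
                ports.append((lineno, tok[1]))
        elif tok[0] == "ssl_bump" and len(tok) > 1:
            if tok[1].lower() not in NON_DECRYPTING:
                rules.append((lineno, tok[1]))
    # Squid only decrypts when a port allows bumping and a rule selects it.
    return {"bump_ports": ports, "decrypt_rules": rules,
            "exposed": bool(ports and rules)}


if __name__ == "__main__":
    report = ssl_bump_exposure(SAMPLE_CONF)
    for lineno, port in report["bump_ports"]:
        print(f"line {lineno}: port {port} has ssl-bump enabled")
    for lineno, action in report["decrypt_rules"]:
        print(f"line {lineno}: ssl_bump {action} decrypts matching traffic")
    print("exposed to this bulletin's condition:", report["exposed"])
```

A proxy reported as exposed should be prioritised for the vendor fix referenced in the complete bulletin.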
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Squid-denial-of-service-via-ssl-dump-14392