Vigil@nce - Squid: memory leaks in cachemgr.cgi
December 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send inconsistent requests to cachemgr.cgi, in
order to make it allocate too much memory and eventually halt.
Impacted products: Squid
Severity: 1/4
Creation date: 18/12/2012
DESCRIPTION OF THE VULNERABILITY
The cachemgr.cgi program is part of the administration tools of
the Squid proxy.
This program handles HTTP requests of type POST, the request body
size of which is specified by the Conten-Length header. The value
of this header is used to allocate a buffer which is used to store
the request body. However, cachemgr.cgi uses the header value
without restrictions. This allows an attacker to make the program
allocate a too much large buffer, without that the attacker has to
send as much data. Moreover, several strings are allocated during
computing, but never freed after use.
An attacker can send inconsistent requests to cachemgr.cgi, in
order to make it allocate too much memory and eventually halt.
However, the impact is limited because the process handles only
one connection, so memory is quickly returned to the system at
process termination.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Squid-memory-leaks-in-cachemgr-cgi-12242