Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 170410 - CAN-2005-2794 -2917 squid multiple vulnerabilities
Summary: CAN-2005-2794 -2917 squid multiple vulnerabilities
Status: CLOSED DUPLICATE of bug 152809
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: squid
Version: rhl7.3
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2005-10-11 13:59 UTC by John Dalbec
Modified: 2007-04-18 17:32 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2005-11-18 00:36:52 UTC

Attachments (Terms of Use)

Description John Dalbec 2005-10-11 13:59:31 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20050729 Netscape/

Description of problem:
05.19.16 CVE: Not Available
Platform: Unix
Title: Squid Proxy Unspecified DNS Spoofing
Description: Squid Proxy is a freely available, open source web proxy
software package. Squid Proxy is affected by an unspecified DNS
spoofing vulnerability. Squid Proxy versions 2.5 and earlier are known
to be vulnerable.

(2) MODERATE: Multiple Vendor HTTP Request Smuggling
Configurations involving a number of popular web proxy/cache servers and
web application firewalls

Description: A new attack technique named "HTTP Request Smuggling" has
been reported to affect configurations that involve one or more web
entities (i.e. a web proxy server, a web cache server or a web
application firewall) between a user and a web server. The attack can
be carried out by crafting back-to-back HTTP requests that are
interpreted differently by the web entities. For example, if an HTTP
request is crafted with two distinct HTTP "Content-Length" headers, the
two web entities may process the same request by honoring either the
first or the last "Content-Length" header. The discoverers have shown
how an attacker can exploit such behaviors by crafting HTTP requests
that may result in web cache poisoning, bypassing the web firewall,
cross-site scripting (requiring no user interaction) or session
hijacking. The vulnerable example configurations listed in the
discoverers' posting include Sun ONE proxy server, Sun ONE webserver,
CheckPoint Firewall, Microsoft IIS server, Microsoft ISA server, Apache,
Jakarta Tomcat server, IBM WebSphere, BEA WebLogic, Oracle9iAS, Squid,
Delegate and Oracle WebCache.

Status: Squid and CheckPoint have distributed patches. The status
regarding other vendors is not currently known.

Council Site Actions: Two council sites are still evaluating if they are
vulnerable. One site has already patched their system.

Watchfire Whitepaper  
SecurityFocus BID 

05.23.14 CVE: Not Available
Platform: Cross Platform
Title: Multiple Vendor Multiple HTTP Request Smuggling
Description: Multiple vendors are prone to a new class of attack named
"HTTP Request Smuggling". This class of attack basically revolves
around piggybacking a HTTP request inside of another HTTP request. By
leveraging failures to implement the HTTP/1.1 RFC properly, it is
demonstrated that this class of attack may result in cache poisoning,
cross-site scripting, session hijacking and other attacks. Reports
indicate that Microsoft IIS 5.0 is affected.

05.37.15 CVE: CAN-2005-2794
Platform: Unix
Title: Squid Proxy Aborted Requests Remote Denial of Service
Description: Squid Proxy is a freely available, open source Web proxy
software package. A remote denial of service vulnerability affects the
Squid Proxy. This issue is due to a failure of the application to
properly handle exceptional network requests. A remote attacker may
leverage this issue to crash the affected Squid Proxy, denying service
to legitimate users.

05.40.12 CVE: CAN-2005-2917
Platform: Unix
Title: Squid Proxy Client NTLM Authentication Denial of Service
Description: Squid Proxy is a web proxy software package. It is
reported to be vulnerable to a denial of service issue. The issue
presents itself when proxy handles certain NTLM request sequences.
Squid Web Proxy Cache version 2.5 .STABLE9 is reported to be

Version-Release number of selected component (if applicable):

How reproducible:
Didn't try

Additional info:

Comment 1 David Eisenstein 2005-10-28 08:49:32 UTC
Please see attachment #120495 [details] for a listing of all CVE's covered by Bug #152809
and new bugs that we can deal with in this bug report.  This attachment is
introduced in bug 152809 comment 12.

Comment 2 Marc Deslauriers 2005-11-15 05:17:35 UTC
Wow...that's great work David. Thanks.

Comment 3 David Eisenstein 2005-11-17 09:20:06 UTC
You're welcome.  

Where do we go from here?  Is bug 152809 released?

Comment 4 Marc Deslauriers 2005-11-18 00:36:52 UTC
Let's track this in 152809.

*** This bug has been marked as a duplicate of 152809 ***

Note You need to log in before you can comment on or make changes to this bug.