Re: Recent Squid Vulnerabiliy; is it a threat...?

From: Henrik Nordstrom <>
Date: Wed, 27 Oct 1999 22:09:45 +0200

Hogben, Ian wrote:
> Hello, all:
> What kind of practical application of this bug can I look forward to? It
> looks like a bug without an applied crack exploiting it, but what could the
> effect be, and is it a serious concern...?

It this is the vulnerability related to authentication then it is about
unauthorized access to the proxy when proxy_auth is used.

If you are not using proxy_auth then this cannot be exploited.

If you are using proxy_auth then a carefully constructed request can
confuse Squids communication to the external authenticator process.

Henrik Nordstrom
Squid hacker
Received on Wed Oct 27 1999 - 14:22:55 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:49:06 MST