Re: [squid-users] Squid Web Proxy Cache Denial of Service Vulnerabilty

From: Henrik Nordstrom <>
Date: Wed, 13 Feb 2002 05:28:12 +0100

Yes. The patch was available before the information was made public.

Squid-2.4.STABLE3 and later is fixed.

Henrik Nordström
Squid Developer

On Monday 28 January 2002 11.22, Awie wrote:
> Hi all,
> I just read an article at SECURITY FOCUS web site about Squid Web
> Proxy Cache Denial of Service Vulnerability
> "A problem exists in the manner which Squid handles requests to
> make FTP directories on proxied services. An attacker who makes a
> specially crafted request via the Squid proxy will be able to cause
> a denial of service to the proxy.
> If affected with a denial of service then Squid must be restarted
> to regain normal functionality. "
> Is it already solved? Is there a patch already?
> Please advise.
> Thx & rgds,
> Awie

MARA Systems AB, Giving you basic free Squid support
Customized solutions, packaged solutions and priority support
available on request
Received on Tue Feb 12 2002 - 21:53:04 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:14 MST