Re: [squid-users] squid sslbump server-first local loops?

From: Amm <ammdispose-squid_at_yahoo.com>
Date: Sun, 13 Apr 2014 16:41:48 +0530

On 04/13/2014 04:27 PM, Amos Jeffries wrote:
> On 12/04/2014 5:23 p.m., Amm wrote:
>>
>> So I ran this command:
>> openssl s_client -connect 192.168.1.2:8081
>>
>> where 8081 is https_port on which squid runs. (with sslbump)
>>
>> And BOOM, squid went in to infinite loop! And started running out of
>> file descriptors.
>>

> Is this happening with "via on" ?
> It is an expected vulnerability with "via off".
>
> Amos

I dont have any "via" line, so that means default in "on"

Again tested it. Very easy to crash squid. It just takes 2 seconds for
squid to report:

WARNING! Your cache is running out of filedescriptors

And takes away 100% CPU too.

Regards,

Amm
Received on Sun Apr 13 2014 - 11:12:07 MDT

This archive was generated by hypermail 2.2.0 : Sun Apr 13 2014 - 12:00:05 MDT