RE: [squid-users] store.cc crashing the squid child

Ahh.. on my backup proxy in which I allow that subnet I was again on attack
but this time on the squid version is 3.4.5.

  Squid Cache: Version 3.4.5
configure options: '--build=x86_64-unknown-linux-gnu'
'--host=x86_64-unknown-linux-gnu' '--target=x86_64-redhat-linux-gnu'
'--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin'
'--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share'
'--includedir=/usr/include' '--libdir=/usr/lib64'
'--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib'
'--mandir=/usr/share/man' '--infodir=/usr/share/info' '--exec_prefix=/usr'
'--libexecdir=/usr/lib64/squid' '--localstatedir=/var'
'--datadir=/usr/share/squid' '--sysconfdir=/etc/squid'
'--with-logdir=$(localstatedir)/log/squid'
'--with-pidfile=$(localstatedir)/run/squid.pid'
'--disable-dependency-tracking' '--enable-follow-x-forwarded-for'
'--enable-auth'
'--enable-auth-basic=DB,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB,getpwnam'
'--enable-auth-ntlm=smb_lm,fake' '--enable-auth-digest=file,LDAP,eDirectory'
'--enable-auth-negotiate=kerberos,wrapper'
'--enable-external-acl-helpers=wbinfo_group,kerberos_ldap_group,AD_group'
'--enable-cache-digests' '--enable-cachemgr-hostname=localhost'
'--enable-delay-pools' '--enable-epoll' '--enable-icap-client'
'--enable-ident-lookups' '--enable-linux-netfilter'
'--enable-removal-policies=heap,lru' '--enable-snmp'
'--enable-storeio=aufs,diskd,ufs,rock' '--enable-wccpv2' '--enable-esi'
'--enable-ssl' '--enable-ssl-crtd' '--enable-icmp' '--with-aio'
'--with-default-user=squid' '--with-filedescriptors=65535' '--with-dl'
'--with-openssl' '--with-pthreads' '--with-included-ltdl'
'build_alias=x86_64-unknown-linux-gnu' 'host_alias=x86_64-unknown-linux-gnu'
'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m64 -mtune=generic' 'CXXFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m64 -mtune=generic -fPIC'
'PKG_CONFIG_PATH=/usr/lib64/pkgconfig:/usr/share/pkgconfig'
--enable-ltdl-convenience

The syslog is saying below

May 27 06:36:22 proxy1 squid[3503]: Squid Parent: (squid-1) process 16614
exited due to signal 6 with status 0
May 27 06:36:25 proxy1 squid[3503]: Squid Parent: (squid-1) process 16672
started
May 27 06:39:22 proxy1 squid[3503]: Squid Parent: (squid-1) process 16672
exited due to signal 6 with status 0
May 27 06:39:25 proxy1 squid[3503]: Squid Parent: (squid-1) process 16729
started
May 27 06:42:23 proxy1 squid[3503]: Squid Parent: (squid-1) process 16729
exited due to signal 6 with status 0
May 27 06:42:26 proxy1 squid[3503]: Squid Parent: (squid-1) process 16790
started
May 27 06:45:23 proxy1 squid[3503]: Squid Parent: (squid-1) process 16790
exited due to signal 6 with status 0
May 27 06:45:26 proxy1 squid[3503]: Squid Parent: (squid-1) process 16847
started
May 27 06:48:24 proxy1 squid[3503]: Squid Parent: (squid-1) process 16847
exited due to signal 6 with status 0
May 27 06:48:27 proxy1 squid[3503]: Squid Parent: (squid-1) process 16903
started
May 27 06:51:25 proxy1 squid[3503]: Squid Parent: (squid-1) process 16903
exited due to signal 6 with status 0
May 27 06:51:28 proxy1 squid[3503]: Squid Parent: (squid-1) process 16963
started
May 27 06:54:25 proxy1 squid[3503]: Squid Parent: (squid-1) process 16963
exited due to signal 6 with status 0
May 27 06:54:28 proxy1 squid[3503]: Squid Parent: (squid-1) process 17019
started

The Cache log is saying this and restarting the child every time.

2014/05/27 06:36:21 kid1| assertion failed: store.cc:915: "store_status ==
STORE_PENDING"
2014/05/27 06:39:21 kid1| assertion failed: store.cc:915: "store_status ==
STORE_PENDING"
2014/05/27 06:42:22 kid1| assertion failed: store.cc:915: "store_status ==
STORE_PENDING"
2014/05/27 06:45:23 kid1| assertion failed: store.cc:915: "store_status ==
STORE_PENDING"
2014/05/27 06:48:23 kid1| assertion failed: store.cc:915: "store_status ==
STORE_PENDING"
2014/05/27 06:51:24 kid1| assertion failed: store.cc:915: "store_status ==
STORE_PENDING"
2014/05/27 06:54:24 kid1| assertion failed: store.cc:915: "store_status ==
STORE_PENDING"

Again from access log not been able to point out who could be the culprit of
that and further what query made him possible for exploiting this
vulnerability of the latest version of squid 3.4.5.

Any inside expert opinion to filter such exploiting request.

BR
Farooq

-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: Tuesday, May 27, 2014 10:55 AM
To: squid-users_at_squid-cache.org
Subject: Re: [squid-users] store.cc crashing the squid child

On 27/05/2014 4:32 p.m., Farooq Bhatti wrote:
> Hi There,
>
> Pardon me for long email. Actually I faced a DOS attack in a
> university setup and want to get help to avoid it in future. I am
> using squid following version
>
> squid -v
> Squid Cache: Version 3.4.3

Could be this:
http://www.squid-cache.org/Advisories/SQUID-2014_1.txt

Please upgrade to the latest Squid version. Today that is 3.4.5.

Amos

---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com