APP: Squid WCCP Message Receive Buffer Overflow

This signature detects malformed WCCP datagrams. A vulnerability exists in the way the Squid Web proxy processes Web Cache Communication Protocol (WCCP) messages. An overly long UDP datagram can trigger a buffer overflow. This vulnerability can be exploited to terminate the vulnerable product, causing a denial-of-service condition, or it can be exploited for code execution.

Extended Description

The Squid proxy server is vulnerable to a remotely exploitable buffer-overflow vulnerability. The vulnerability resides in Squid's implementation of WCCP (Web Cache Communication Protocol), a UDP-based web cache management protocol. The condition is triggered when the server reads a packet that is larger than the buffer allocated to store it. This can occur because 'recvfrom()' is passed an incorrect value for its 'len' argument.
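
The bug class described above, shown from the receiving side as an added example (this is not Squid's source code). The buffer size, the function names and the local socketpair standing in for the UDP socket are all constructed for illustration; the helper always passes the buffer's real capacity as the length and drops any datagram the kernel reports as truncated.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

#define MSG_BUF_LEN 64 /* constructed size; not Squid's real message size */

/* Receive one datagram into buf[cap]. Returns the payload length, -1 on a
 * socket error, or -2 when the datagram was larger than cap and must be
 * dropped. The length given to the kernel is always the buffer's capacity. */
static ssize_t recv_bounded(int fd, void *buf, size_t cap)
{
    struct iovec iov = { .iov_base = buf, .iov_len = cap };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1 };
    ssize_t n = recvmsg(fd, &msg, 0);
    if (n < 0)
        return -1;
    if (msg.msg_flags & MSG_TRUNC) /* sender exceeded our buffer */
        return -2;
    return n;
}

/* Send `len` constructed bytes over a local datagram socketpair (a stand-in
 * for the UDP/2048 socket) and receive them with the bounded helper. */
int demo_receive(size_t len)
{
    unsigned char out[256], in[MSG_BUF_LEN];
    int sv[2];
    if (len > sizeof out || socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0)
        return -1;
    memset(out, 'A', len);
    ssize_t n = -1;
    /* Flawed pattern from the description: recvfrom(fd, in, LEN, ...) with
     * LEN larger than sizeof in, so the kernel writes past the buffer. */
    if (send(sv[0], out, len, 0) == (ssize_t)len)
        n = recv_bounded(sv[1], in, sizeof in);
    close(sv[0]);
    close(sv[1]);
    return (int)n;
}

int main(void)
{
    printf("32 bytes -> %d, 200 bytes -> %d\n", demo_receive(32), demo_receive(200));
    return 0;
}
```

Deriving the length from the destination buffer (sizeof, or a capacity passed alongside the pointer) keeps the two from drifting apart when the buffer type changes.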

Affected Products

Squid web_proxy_cache

Short Name: APP:PROXY:SQUID-WCCP-BO
Severity: Major
Recommended: False
Recommended Action: Drop
Category: APP
Keywords: Buffer CVE-2005-0211 Message Overflow Receive Squid WCCP bid:12432
Release Date: 08/10/2005
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3336
Port: UDP/2048
False Positive: Unknown
Vendors

Red_hat

Sgi

Squid

Suse

Astaro

CVSS Score

7.5
