漏洞类别:Proxy
漏洞等级: 
漏洞信息
Squid Proxy is a freely available open source Web proxy software package. It is designed for use on Unix,Linux and Windows platforms.
Squid cachemgr.cgi tool is vulnerable to a buffer overflow vulnerability due to improper input validation.
Affected Software:
Squid 2.x all releases
Squid 3.x to Squid 3.5.16
Squid 4.x to Squid 4.0.9
QID Detection Logic (Unauthenticated):
This unauthenticated detection works by reviewing the version of the Squid Proxy service.
漏洞危害
Remote attackers could cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.
解决方案
The vendor has released updates to resolve this issue.
Refer to vendor advisory SQUID-2016:5 to obtain more details and patch information.
Workaround:
Use tools other than cachemgr.cgi, such as squidclient to view affected reports until the CGI tool can be patched or upgraded.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论