squidGuard URL Processing Multiple Filter Bypass Vulnerabilities


Description   Multiple vulnerabilities have been identified in squidGuard, which could be exploited by attackers to bypass security restrictions. These issues are caused by input validation and buffer overflow errors in "sgLog.c", "sg.h.in" and "sgDiv.c.in" when processing overly long URLs or URLs containing multiple slash "/" characters, which could allow attackers to disable or bypass the filter.
     
Vulnerable Products   Vulnerable Software:
squidGuard version 1.4
squidGuard version 1.3
     
Solution   Apply patches for squidGuard version 1.4:
http://www.squidguard.org/Downloads/Patches/1.4/squidGuard-1.4-patch-20091015.tar.gz
http://www.squidguard.org/Downloads/Patches/1.4/squidGuard-1.4-patch-20091015.tar.gz.md5
http://www.squidguard.org/Downloads/Patches/1.4/squidGuard-1.4-patch-20091019.tar.gz
http://www.squidguard.org/Downloads/Patches/1.4/squidGuard-1.4-patch-20091019.tar.gz.md5
Apply patches for squidGuard version 1.3:
http://www.squidguard.org/Downloads/Patches/1.3/squidGuard-1.3-patch-20091015.tar.gz
http://www.squidguard.org/Downloads/Patches/1.3/squidGuard-1.3-patch-20091015.tar.gz.md5
http://www.squidguard.org/Downloads/Patches/1.3/squidGuard-1.3-patch-20091019.tar.gz
http://www.squidguard.org/Downloads/Patches/1.3/squidGuard-1.3-patch-20091019.tar.gz.md5
     
CVE   CVE-2009-3826
CVE-2009-3700
     
References   http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091019
http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091015
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm                                 Available Since
Possible buffer overflow on URL                  3.2.0
Possible buffer overflow in HTTP request/reply   3.2.0
     

Risk level   Moderate

Vulnerability First Public Report Date   2009-10-23

Target Type   Server

Possible exploit   Local & Remote