FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

squidGuard -- multiple vulnerabilities

Affected packages
squidGuard < 1.4_2

Details

VuXML ID 692ab645-bf5d-11de-849b-00151797c2d4
Discovery 2009-10-15
Entry 2009-10-22
Modified 2010-05-06

SquidGuard website reports:

Patch 20091015 fixes one buffer overflow problem in sgLog.c when overlong URLs are requested. SquidGuard will then go into emergency mode where no blocking occurs. This is not required in this situation.

Patch 20091019 fixes two bypass problems with URLs whose length is close to the limit defined by MAX_BUF (default: 4096) in squidGuard and MAX_URL (default: 4096 in squid 2.x and 8192 in squid 3.x) in squid. For this kind of URL the proxy request exceeds MAX_BUF, causing squidGuard to complain about not being able to parse the squid request. Increasing the buffer limit to be higher than the one defined in MAX_URL solves the issue.
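The length arithmetic behind the Patch 20091019 description, as an added example that is not squidGuard, squid or FreeBSD code: a simplified model of a redirector reading one request line into a fixed buffer, showing why a URL just under MAX_URL no longer parses when the buffer is also 4096 bytes. The "URL client/fqdn ident method" line layout, the names parse_request, make_request and NEW_MAX_BUF, and the sample host and address are assumptions made for the illustration.

```c
/* Simplified model of a redirector reading one squid request line; not squidGuard source. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_URL     4096          /* squid 2.x default, per the advisory */
#define OLD_MAX_BUF 4096          /* squidGuard default, per the advisory */
#define NEW_MAX_BUF (2 * MAX_URL) /* assumed size, larger than MAX_URL */

/* Copy at most bufsize-1 bytes (as fgets() would), then require a complete
   line of four fields: "URL client/fqdn ident method\n".
   Returns 1 if parsed, 0 if truncated or malformed. */
int parse_request(const char *line, size_t bufsize)
{
    char *buf = bufsize > 1 ? malloc(bufsize) : NULL;
    if (!buf) return 0;
    size_t n = strlen(line);
    if (n > bufsize - 1) n = bufsize - 1;
    memcpy(buf, line, n);
    buf[n] = '\0';
    int fields = 0;
    char *nl = strchr(buf, '\n');
    if (nl) {                         /* the whole line fit in the buffer */
        *nl = '\0';
        for (char *t = strtok(buf, " "); t; t = strtok(NULL, " ")) fields++;
    }
    free(buf);
    return fields == 4;
}

/* Build a constructed request line whose URL is url_len bytes long. */
char *make_request(size_t url_len)
{
    const char *prefix = "http://example.test/", *tail = " 192.0.2.10/- - GET\n";
    if (url_len < strlen(prefix)) return NULL;
    char *line = malloc(url_len + strlen(tail) + 1);
    if (!line) return NULL;
    memcpy(line, prefix, strlen(prefix));
    memset(line + strlen(prefix), 'a', url_len - strlen(prefix));
    strcpy(line + url_len, tail);
    return line;
}

int main(void)
{
    char *req = make_request(MAX_URL - 10);   /* URL squid still accepts */
    if (!req) return 1;
    printf("old=%d new=%d\n", parse_request(req, OLD_MAX_BUF), parse_request(req, NEW_MAX_BUF));
    free(req);
    return 0;
}
```

The URL itself is within MAX_URL, but the client, ident and method fields push the full line past the old buffer, so the terminating newline is never seen and the request is rejected as unparseable.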

References

CVE Name CVE-2009-3700
CVE Name CVE-2009-3826
URL http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091015
URL http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091019