FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

squid -- correct handling of oversized HTTP reply headers

Affected packages
squid < 2.5.7_12

Details

VuXML ID bfda39de-7467-11d9-9e1e-c296ac722cb3
Discovery 2005-01-31
Entry 2005-02-08

The squid patches page notes:

This patch addresses an HTTP protocol mismatch related to oversized reply headers. In addition it enhances the cache.log reporting on reply header parsing failures to make it easier to track down which sites are malfunctioning.

It is believed that this bug may lead to cache pollution or allow access controls to be bypassed.

References

CERT/CC Vulnerability Note 823350
CVE Name CVE-2005-0241
FreeBSD PR ports/76967
URL http://www.squid-cache.org/bugs/show_bug.cgi?id=1216
URL http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch