Squid vulnerability allows remote attackers to launch DoS attacks

Squid patched a vulnerability that allowed remote attackers to launch a denial of service attack when connected to TLS or SSL servers.

Squid, a Unix-based caching proxy, patched a flaw in its handling of server errors. The vulnerability (CVE-2016-2390) allowed remote attackers to launch a denial-of-service (DoS) attack when connected to TLS or SSL servers. The flaw affects Linux and UNIX operating systems using Squid versions 3.5.13, 4.0.4, or 4.0.5.

“This problem allows any trusted client to perform a denial of service attack on the Squid service regardless of whether TLS or SSL is configured for use in the proxy,” according to a security advisory released by the company. “However, the bug is exploitable only if Squid is built using the --with-openssl option.”

Several workarounds are available. If users disable the service for https:// URLs entirely at the top of the squid.conf http_access rules, they will not be affected by the vulnerability. In addition, users can prevent the issue by relaying outgoing HTTPS traffic through a non-vulnerable proxy, unless the SSL-bump splice feature is used. Simple attacks can be prevented by disabling service for irregular HTTPS ports.
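The following check is an added example, not code from the article or from the Squid project: it reads the text of `squid -v` and of squid.conf and reports whether a host runs one of the affected versions built with --with-openssl, and whether the first http_access rule denies https:// URLs. It assumes the workaround is written as a `proto HTTPS` ACL; the function names and sample inputs are constructed for illustration.

```python
import re

AFFECTED = {"3.5.13", "4.0.4", "4.0.5"}  # versions named in the article

def build_exposed(squid_v_output):
    """True if `squid -v` text shows an affected version built --with-openssl."""
    m = re.search(r"Version\s+(\d+(?:\.\d+)+)", squid_v_output)
    version = m.group(1) if m else None
    return version in AFFECTED and "--with-openssl" in squid_v_output

def https_denied_first(conf_text):
    """True if the first http_access rule is a plain deny of a 'proto HTTPS' ACL."""
    https_acls = set()
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # drop comments
        if len(tokens) >= 4 and tokens[0] == "acl" and tokens[2] == "proto":
            if any(t.upper() == "HTTPS" for t in tokens[3:]):
                https_acls.add(tokens[1])
        elif len(tokens) >= 3 and tokens[0] == "http_access":
            # Only the first rule counts: the workaround must sit at the top.
            # Extra ACLs on the line are ANDed and would narrow the deny.
            return (tokens[1] == "deny" and len(tokens) == 3
                    and tokens[2] in https_acls)
    return False

def assess(squid_v_output, conf_text):
    if not build_exposed(squid_v_output):
        return "not affected"
    if https_denied_first(conf_text):
        return "mitigated by workaround"
    return "vulnerable: upgrade or apply workaround"

# Constructed sample inputs (not taken from a real host).
SAMPLE_V = ("Squid Cache: Version 3.5.13\nService Name: squid\n"
            "configure options:  '--prefix=/usr' '--with-openssl'\n")
CONF_OPEN = ("acl localnet src 10.0.0.0/8\n"
             "http_access allow localnet\n"
             "http_access deny all\n")
CONF_FIXED = "acl HTTPS proto HTTPS\nhttp_access deny HTTPS\n" + CONF_OPEN

if __name__ == "__main__":
    print(assess(SAMPLE_V, CONF_OPEN))
    print(assess(SAMPLE_V, CONF_FIXED))
```
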
