Holla, two weeks ago I found a security bug in squid, a web proxy cache, freely available at http://squid.nlanr.net/ Here you find the short Buglog-entry as shown at http://squid.nlanr.net/Versions/v2/2.2/bugs/ Please note that the bug applies whenever a external authenticator is used. cheers, Oezguer Kesim oecat_private Newlines in passwords confuses the authenticator program ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Platforms All Versions 2.2.STABLE5 and earlier Synopsis After decoding the base64 encoded "user:password" pair given by the client, squid doesn't strip out any '\n' or '\r' found in the resulting string. Given such a string, any external authenticator will receive two lines instead of one, and most probably send two results. Now, any subsequent authentification exchange will has its answer shifted by one. Therefore, a malicious user can gain access to sites he or she should not have access to. Reported by Oezguer Kesim (oecat_private) Patch http://squid.nlanr.net/Versions/v2/2.2/bugs/ squid-2.2.stable5-newlines_in_auth.patch Status Fixed in 2.3 branch.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:08:39 PDT