This [1] was supposed to be fixed in Squid 2.5STABLE6, but Squid is said [2] to be still vulnerable. I haven't seen any confirmation about this yet, but SecurityTracker as well as German Heise News have reported it.

[1] http://www.squid-cache.org/bugs/show_bug.cgi?id=972
[2] http://www.rootthief.com/?view=advisories/squid :

==========================================
Squid-Cache Buffer Overflow Vulnerability
==========================================

Discovered by- d3thStaR [!SUI]
Greets: !SUI Crew, Atomix, mGrD, e0r, rootthief.com.
Sources: Bug #972
Confirmed products affected- squid-2.5.STABLE6 and earlier

=======Description of Problem=======

The function clientAbortBody can cause a segmentation fault.

    if (!conn->body.callback || conn->body.request != request)
        return;
    buf = conn->body.buf;

This was a problem supposed to be addressed in STABLE5 by changing:

    if (!conn->body.callback || conn->body.request != request)

to

    if (conn == NULL || !conn->body.callback || conn->body.request != request)

The problem still exists and still can crash the program.

[...]
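The two guards quoted in the advisory, placed side by side in a small stand-alone C model (an added example, not part of the original thread and not Squid's source). The types `conn_t` and `request_t`, the function names, and the test cases are hypothetical stand-ins that carry only the fields the quoted snippet names.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical cut-down types: only the fields the advisory's snippet names. */
typedef struct { int id; } request_t;
typedef void body_cb(void);
typedef struct {
    struct { body_cb *callback; request_t *request; char *buf; } body;
} conn_t;

/* Pre-fix guard as quoted: conn is dereferenced before anything checks it,
 * so a NULL conn faults here. Shown for comparison; never called with NULL. */
int abort_body_unguarded(conn_t *conn, request_t *request, char **buf)
{
    if (!conn->body.callback || conn->body.request != request)
        return 0;
    *buf = conn->body.buf;
    return 1;
}

/* Post-fix guard as quoted: conn == NULL comes first, so || short-circuits
 * and the later conn-> operands are never evaluated for a NULL conn. */
int abort_body_guarded(conn_t *conn, request_t *request, char **buf)
{
    if (conn == NULL || !conn->body.callback || conn->body.request != request)
        return 0;
    *buf = conn->body.buf;
    return 1;
}

static void dummy_cb(void) {}

/* Constructed cases: 0 = NULL conn, 1 = no callback, 2 = other request, 3 = match. */
int guarded_case(int which)
{
    static char data[] = "body";
    request_t mine = { 1 }, other = { 2 };
    conn_t c = { { dummy_cb, &mine, data } };
    char *buf = NULL;
    if (which == 1) c.body.callback = NULL;
    if (which == 2) c.body.request = &other;
    return abort_body_guarded(which == 0 ? NULL : &c, &mine, &buf);
}

int main(void)
{
    for (int i = 0; i < 4; i++)
        printf("case %d -> %d\n", i, guarded_case(i));
    return 0;
}
```

The order of the operands is what makes the fix effective: moving `conn == NULL` to any later position in the condition would leave the dereference ahead of the check.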
Also SA12508: http://secunia.com/advisories/12508/

"A patch has been applied to version 2.5.STABLE5 and 2.5.STABLE6. However, it may reportedly only address the issue partially."
Still no confirmation upstream.
The claim that Squid 2.5STABLE6 was still vulnerable is false. "d3thStaR" (the person who claimed this) responded below:

------- Additional Comment #15 From d3thStaR 2004-09-27 20:30 -------
I am very sorry... I didn't even realize that people were still looking for an answer with this... I'm fairly embarrassed with all of this, but the release I thought was STABLE6 was a mislabeled version of Stable5... I apologize for the inconvenience..