Check Point Advisories

Squid Gopher Protocol Handling Buffer Overflow (CVE-2005-0094)

Check Point Reference: CPAI-2005-187
Date Published: 15 Dec 2009
Severity: High
Last Updated: Sunday 22 November, 2015
Source:
Industry Reference:CVE-2005-0094
Protection Provided by:

Security Gateway
R81, R80, R77, R75
Who is Vulnerable?
Vulnerability Description Squid is a full featured, open source web proxy caching server. It supports proxying of variety of protocols including FTP, HTTP, DNS and Gopher. A vulnerability exists in the way Squid web proxy handles responses from Gopher servers. An overly long line in a Gopher response can overflow a fixed size buffer. This could create a denial of service condition for active transactions or could potentially allow an arbitrary code execution with permissions of an account running Squid web proxy. Upon receiving the attack, a Squid proxy will continue without change to its functionality since the buffer overflow does not corrupt any critical data. The browser requesting the Gopher URL might see overly long file names or entries in the HTML page returned from the proxy. Mitigation of this vulnerability will occur in the majority of cases for operating systems supporting the ELF, AOUT or PE executable file format. For operating systems that use a different file format and program image layout, or for the rare case where a non-standard compiler is used, the mitigation factor may not exist. In such a case, an attacker can exploit this flaw to terminate the vulnerable product, creating a denial of service condition. Potentially, an attack may also execute arbitrary code on the target. In this case, the behaviour of the target is dependent on the malicious code.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections and find the Squid Gopher Protocol Handling Buffer Overflow protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Proxy Server Enforcement Violation.
Attack Information:  Squid Gopher protocol handling buffer overflow

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK