Check Point Reference: | CPAI-2005-358 |
Date Published: | 27 Apr 2011 |
Severity: | High |
Last Updated: | Monday 09 November, 2015 |
Source: | |
Industry Reference: | CVE-2005-0211 |
Protection Provided by: |
Security Gateway |
Who is Vulnerable? | |
Vulnerability Description | Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. An attacker can exploit this vulnerability to terminate the vulnerable product, creating a denial of service condition, or it can be exploited for code. A remote vulnerability was found in Squid web proxy/cache processes Web Cache Communication Protocol (WCCP) messages. An overly long UDP datagram can trigger a buffer overflow. Successful exploitation of this vulnerability could terminate the vulnerable product, creating a denial of service condition, or it can be exploited for code execution. |
This protection will detect and block any overly long UDP datagram.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: Proxy Server Enforcement Violation.
Attack Information: Squid WCCP Message Receive buffer overflow