• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Squid Cache FTP Proxy URL Buffer Overflow Vulnerability

A buffer overflow exists in the Squid proxy server's FTP URL handling.

If a user has the ability to use the Squid process to proxy FTP requests, it may be possible for the user make a malicious request. By sending a custom-crafted ftp:// URL through the squid proxy, it is possible to crash the server, requiring manual restart to resume normal operation.

This problem could also be exploited to allow the execution of code with the privileges of the Squid process, typically 'nobody'.