• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Squid HTCP Runtime Configuration Vulnerability

Solution:
HP advises Secure OS 1.0 users to apply the available Red Hat fixes.

Patches are available:


National Science Foundation Squid Web Proxy 2.0

• National Science Foundation squid-2.4.STABLE4-src.tar.gz
  http://www.squid-cache.org/Versions/v2/2.4/squid-2.4.STABLE4-src.tar.g z

National Science Foundation Squid Web Proxy 2.1

• National Science Foundation squid-2.4.STABLE4-src.tar.gz
  http://www.squid-cache.org/Versions/v2/2.4/squid-2.4.STABLE4-src.tar.g z

National Science Foundation Squid Web Proxy 2.2

• National Science Foundation squid-2.4.STABLE4-src.tar.gz
  http://www.squid-cache.org/Versions/v2/2.4/squid-2.4.STABLE4-src.tar.g z

National Science Foundation Squid Web Proxy 2.3

• Caldera squid-2.4.STABLE4-VOLS.tar
  ftp2.caldera.com/pub/skunkware/osr5/vols/squid-2.4.STABLE4-VOLS.tar


• National Science Foundation squid-2.4.STABLE4-src.tar.gz
  http://www.squid-cache.org/Versions/v2/2.4/squid-2.4.STABLE4-src.tar.g z


• Red Hat squid-2.4.STABLE3-1.6.2.alpha.rpm
  Release 6.2
  ftp://updates.redhat.com/6.2/en/os/alpha/squid-2.4.STABLE3-1.6.2.alpha .rpm


• Red Hat squid-2.4.STABLE3-1.6.2.i386.rpm
  Release 6.2
  ftp://updates.redhat.com/6.2/en/os/i386/squid-2.4.STABLE3-1.6.2.i386.r pm


• Red Hat squid-2.4.STABLE3-1.6.2.sparc.rpm
  Release 6.2
  ftp://updates.redhat.com/6.2/en/os/sparc/squid-2.4.STABLE3-1.6.2.sparc .rpm


• Red Hat squid-2.4.STABLE3-1.7.0.alpha.rpm
  Release 7.0
  ftp://updates.redhat.com/7.0/en/os/alpha/squid-2.4.STABLE3-1.7.0.alpha .rpm


• Red Hat squid-2.4.STABLE3-1.7.0.i386.rpm
  Release 7.0
  ftp://updates.redhat.com/7.0/en/os/i386/squid-2.4.STABLE3-1.7.0.i386.r pm


• Red Hat squid-2.4.STABLE3-1.7.1.alpha.rpm
  Release 7.1
  ftp://updates.redhat.com/7.1/en/os/alpha/squid-2.4.STABLE3-1.7.1.alpha .rpm


• Red Hat squid-2.4.STABLE3-1.7.1.i386.rpm
  Release 7.1
  ftp://updates.redhat.com/7.1/en/os/i386/squid-2.4.STABLE3-1.7.1.i386.r pm


• Red Hat squid-2.4.STABLE3-1.7.1.ia64.rpm
  Release 7.1
  ftp://updates.redhat.com/7.1/en/os/ia64/squid-2.4.STABLE3-1.7.1.ia64.r pm


• Red Hat squid-2.4.STABLE3-1.7.2.i386.rpm
  Release 7.2
  ftp://updates.redhat.com/7.2/en/os/i386/squid-2.4.STABLE3-1.7.2.i386.r pm


• SuSE squid-2.3.STABLE4-155.i386.rpm
  Release 7.2
  ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/squid-2.3.STABLE4-155.i 386.rpm


• SuSE squid-2.3.STABLE4-155.i386.rpm
  Release 7.3
  ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/squid-2.3.STABLE4-155.i 386.rpm


• SuSE squid-2.3.STABLE4-53.sparc.rpm
  Release 7.3
  ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/squid-2.3.STABLE4-53.s parc.rpm


• SuSE squid-2.3.STABLE4-71.ppc.rpm
  Release 7.3
  ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/squid-2.3.STABLE4-71.ppc .rpm


• SuSE squid-beta-2.4.STABLE1-100.i386.rpm
  Release 7.2
  ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/squid-beta-2.4.STABLE1- 100.i386.rpm


• SuSE squid-beta-2.4.STABLE2-59.ppc.rpm
  Release 7.3
  ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/squid-beta-2.4.STABLE2-5 9.ppc.rpm


• SuSE squid-beta-2.4.STABLE2-94.i386.rpm
  Release 7.3
  ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/squid-beta-2.4.STABLE2- 94.i386.rpm


• SuSE squid2-2.2.STABLE5-200.ppc.rpm
  Release 6.4
  ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/squid2-2.2.STABLE5-200.p pc.rpm


• SuSE squid2-2.2.STABLE5-200.ppc.rpm
  Release 7.0
  ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/squid2-2.2.STABLE5-200.p pc.rpm


• SuSE squid2-2.2.STABLE5-200.ppc.rpm
  Release 7.1
  ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/squid2-2.2.STABLE5-200.p pc.rpm


• SuSE squid2-2.2.STABLE5-207.sparc.rpm
  Release 7.0
  ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/squid2-2.2.STABLE5-207 .sparc.rpm


• SuSE squid2-2.2.STABLE5-208.sparc.rpm
  Release 7.1
  ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n2/squid2-2.2.STABLE5-208 .sparc.rpm


• SuSE squid2-2.2.STABLE5-218.i386.rpm
  Release 7.0
  ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/squid2-2.2.STABLE5-218. i386.rpm


• SuSE squid2-2.2.STABLE5-218.i386.rpm
  Release 7.1
  ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/squid2-2.2.STABLE5-218. i386.rpm


• SuSE squid2-2.2.STABLE5-219.i386.rpm
  Release 6.4
  ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/squid2-2.2.STABLE5-219. i386.rpm


• SuSE squid2-2.2.STABLE5-225.alpha.rpm
  Release 7.1
  ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/squid2-2.2.STABLE5-225.a lpha.rpm


• SuSE squid2-2.2.STABLE5-226.alpha.rpm
  Release 7.0
  ftp://ftp.suse.com/pub/suse/axp/update/7.0/n1/squid2-2.2.STABLE5-226.a lpha.rpm


• SuSE squid2-2.2.STABLE5-227.alpha.rpm
  Release 6.4
  ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/squid2-2.2.STABLE5-227.a lpha.rpm


• SuSE squid23-2.3.STABLE4-60.sparc.rpm
  Release 7.0
  ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/squid23-2.3.STABLE4-60 .sparc.rpm


• SuSE squid23-2.3.STABLE4-60.sparc.rpm
  Release 7.1
  ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n2/squid23-2.3.STABLE4-60 .sparc.rpm


• SuSE squid23-2.3.STABLE4-68.ppc.rpm
  Release 6.4
  ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/squid23-2.3.STABLE4-68.p pc.rpm


• SuSE squid23-2.3.STABLE4-68.ppc.rpm
  Release 7.0
  ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/squid23-2.3.STABLE4-68.p pc.rpm


• SuSE squid23-2.3.STABLE4-68.ppc.rpm
  Release 7.1
  ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/squid23-2.3.STABLE4-68.p pc.rpm


• SuSE squid23-2.3.STABLE4-74.alpha.rpm
  Release 7.0
  ftp://ftp.suse.com/pub/suse/axp/update/7.0/n1/squid23-2.3.STABLE4-74.a lpha.rpm


• SuSE squid23-2.3.STABLE4-74.alpha.rpm
  Release 7.1
  ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/squid23-2.3.STABLE4-74.a lpha.rpm


• SuSE squid23-2.3.STABLE4-75.alpha.rpm
  Release 6.4
  ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/squid23-2.3.STABLE4-75.a lpha.rpm


• SuSE squid23-2.3.STABLE4-75.i386.rpm
  Release 7.0
  ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/squid23-2.3.STABLE4-75. i386.rpm


• SuSE squid23-2.3.STABLE4-75.i386.rpm
  Release 7.1
  ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/squid23-2.3.STABLE4-75. i386.rpm


• SuSE squid23-2.3.STABLE4-76.i386.rpm
  Release 6.4
  ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/squid23-2.3.STABLE4-76. i386.rpm

National Science Foundation Squid Web Proxy 2.3.1

• Conectiva squid-2.3.5-1U50_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/5.0/i386/squid-2.3.5-1U50_1cl.i386 .rpm


• Conectiva squid-2.3.5-1U50_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/squid-2 .3.5-1U50_1cl.i386.rpm


• Conectiva squid-2.3.5-1U50_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/squid-2. 3.5-1U50_1cl.i386.rpm


• Conectiva squid-2.3.5-1U51_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/5.1/i386/squid-2.3.5-1U51_1cl.i386 .rpm


• Conectiva squid-2.3.5-1U60_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/squid-2.3.5-1U60_1cl.i386 .rpm

National Science Foundation Squid Web Proxy 2.4

• FreeBSD squid-2.4_8.tgz
  For version included in ports for FreeBSD 4.x.
  ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/squ id-2.4_8.tgz


• FreeBSD squid-2.4_8.tgz
  For version included in ports for FreeBSD 5.0.
  ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/sq uid-2.4_8.tgz


• National Science Foundation squid-2.4.STABLE4-src.tar.gz
  http://www.squid-cache.org/Versions/v2/2.4/squid-2.4.STABLE4-src.tar.g z

National Science Foundation Squid Web Proxy 2.4 STABLE3

• Conectiva squid-2.4.1-4U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/squid-2.4.1-4U70_2cl.i386 .rpm


• Conectiva squid-auth-2.4.1-4U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/squid-auth-2.4.1-4U70_2cl .i386.rpm


• Conectiva squid-doc-2.4.1-4U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/squid-doc-2.4.1-4U70_2cl. i386.rpm


• Conectiva squid-templates-2.4.1-4U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/squid-templates-2.4.1-4U7 0_2cl.i386.rpm


• National Science Foundation squid-2.4.STABLE4-src.tar.gz
  http://www.squid-cache.org/Versions/v2/2.4/squid-2.4.STABLE4-src.tar.g z

National Science Foundation Squid Web Proxy 2.4 STABLE2

• Conectiva squid-2.4.1-4U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/squid-2.4.1-4U70_2cl.i386 .rpm


• Conectiva squid-auth-2.4.1-4U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/squid-auth-2.4.1-4U70_2cl .i386.rpm


• Conectiva squid-doc-2.4.1-4U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/squid-doc-2.4.1-4U70_2cl. i386.rpm


• Conectiva squid-templates-2.4.1-4U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/squid-templates-2.4.1-4U7 0_2cl.i386.rpm


• National Science Foundation squid-2.4.STABLE4-src.tar.gz
  http://www.squid-cache.org/Versions/v2/2.4/squid-2.4.STABLE4-src.tar.g z

National Science Foundation Squid Web Proxy 2.4 STABLE1

• MandrakeSoft squid-2.4.STABLE4-1.5mdk.i586.rpm
  Release 1.0.1
  http://telia.dl.sourceforge.net/mirrors/mandrake/updates/1.0.1/RPMS/sq uid-2.4.STABLE4-1.5mdk.i586.rpm


• MandrakeSoft squid-2.4.STABLE4-1.5mdk.i586.rpm
  Release 7.1
  http://telia.dl.sourceforge.net/mirrors/mandrake/updates/7.1/RPMS/squi d-2.4.STABLE4-1.5mdk.i586.rpm


• MandrakeSoft squid-2.4.STABLE4-1.5mdk.i586.rpm
  Release 7.2
  http://telia.dl.sourceforge.net/mirrors/mandrake/updates/7.2/RPMS/squi d-2.4.STABLE4-1.5mdk.i586.rpm


• MandrakeSoft squid-2.4.STABLE4-1.5mdk.i586.rpm
  Release snf7.2
  http://telia.dl.sourceforge.net/mirrors/mandrake/updates/snf7.2/RPMS/s quid-2.4.STABLE4-1.5mdk.i586.rpm


• MandrakeSoft squid-2.4.STABLE4-1.6mdk.i586.rpm
  Release 8.0
  http://telia.dl.sourceforge.net/mirrors/mandrake/updates/8.0/RPMS/squi d-2.4.STABLE4-1.6mdk.i586.rpm


• MandrakeSoft squid-2.4.STABLE4-1.6mdk.ppc.rpm
  Release 8.0
  http://telia.dl.sourceforge.net/mirrors/mandrake/updates/ppc/8.0/RPMS/ squid-2.4.STABLE4-1.6mdk.ppc.rpm


• National Science Foundation squid-2.4.STABLE4-src.tar.gz
  http://www.squid-cache.org/Versions/v2/2.4/squid-2.4.STABLE4-src.tar.g z


• Red Hat squid-2.4.STABLE3-1.7.2.i386.rpm
  Release 7.2
  ftp://updates.redhat.com/7.2/en/os/i386/squid-2.4.STABLE3-1.7.2.i386.r pm


• Red Hat squid-2.4.STABLE3-1.7.2.ia64.rpm
  Release 7.2
  ftp://updates.redhat.com/7.2/en/os/ia64/squid-2.4.STABLE3-1.7.2.ia64.r pm