Squid FTP Proxy Data Channel Vulnerabilities

Squid is a freely available, open source web proxy software package. It is designed for use on the Unix and Linux platforms.

The Squid development team has reported that sanity checking for FTP data connections has been implemented in version 2.4.STABLE7. The checks are for FTP sessions proxied through Squid. They may prevent data injection/theft attacks or potentially evasion of firewall/proxy rules.


 

Privacy Statement
Copyright 2010, SecurityFocus