"Jordan Mendelson" writes:
>As far as I can tell, Squid is not vulnerable to this style exploit (to a
>point). I was unable to pass a ^J through an HTTP header to get something on
>its own line (required for SMTP "." and anything else which will not allow
>:'s).
>
>Can anyone confirm this? Standard attack would look like this:
>
># telnet squid 3128
>GET http://mail.yourhost.com:25/ HTTP/1.0
>helo yahoo.com :
>mail from: someone@yahoo.com
>rcpt to: someone@yourhost.com
>data :
>:^J.^J
>
>There is a similar gopher attack, however gopher is probably disabled on
>everyone's Squid proxy :)

Squid has this sort of hole as well. With the most recent version
you can plug it by uncommenting these lines in the default squid.conf:

    acl Safe_ports port 80 21 70 1025-65535
    http_access deny !Safe_ports

I just realized that probably prevents valid SSL ports 443 and 563
however.

Duane W.

Received on Fri Oct 09 1998 - 16:01:28 MDT
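
Added example, not part of the original message and not Squid's own code: a small Python model of the port ACL quoted above, run over constructed request targets. It shows the port 25 request being refused and that 443 and 563 are refused as well; the example.com host names, the default-port table and the function names are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# The acl line quoted in the message above.
SAFE_PORTS_LINE = "acl Safe_ports port 80 21 70 1025-65535"
# Assumed default ports for targets that do not name one.
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21, "gopher": 70}

def parse_port_acl(line):
    """Parse 'acl NAME port P1 P2 LO-HI ...' into (name, [(lo, hi), ...])."""
    fields = line.split()
    if len(fields) < 4 or fields[0] != "acl" or fields[2] != "port":
        raise ValueError("not a port acl: %r" % line)
    ranges = []
    for tok in fields[3:]:
        lo, _, hi = tok.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 < lo <= hi <= 65535:
            raise ValueError("bad port range: %r" % tok)
        ranges.append((lo, hi))
    return fields[1], ranges

def target_port(target):
    """Destination port of an absolute URL or a CONNECT-style host:port."""
    parts = urlsplit(target if "://" in target else "//" + target)
    if parts.port is not None:
        return parts.port
    return DEFAULT_PORTS[parts.scheme]

def decide(target, ranges):
    """Model of 'http_access deny !Safe_ports': deny unless the port is listed."""
    port = target_port(target)
    return "allow" if any(lo <= port <= hi for lo, hi in ranges) else "deny"

NAME, RANGES = parse_port_acl(SAFE_PORTS_LINE)

# Constructed request targets; the example.com hosts are placeholders.
SAMPLES = [
    "http://mail.yourhost.com:25/",   # the request from the quoted message
    "http://www.example.com/",        # ordinary web traffic, port 80
    "gopher://gopher.example.com/",   # port 70 is on the list
    "secure.example.com:443",         # CONNECT-style SSL target
    "news.example.com:563",           # CONNECT-style SSL target
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print("%-5s %s" % (decide(sample, RANGES), sample))
```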