FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

squid -- buffer overflow vulnerability in gopherToHTML

Affected packages
squid < 2.5.7_6

Details

VuXML ID 184ab9e0-64cd-11d9-9e1e-c296ac722cb3
Discovery 2005-01-11
Entry 2005-01-12
Modified 2005-01-22

The squid patches page notes:

A malicious gopher server may return a response with very long lines that cause a buffer overflow in Squid.

Workaround: Since gopher is very obscure these days, do not allow Squid to any gopher servers. Use an ACL rule like:

acl Gopher proto gopher
http_access deny Gopher
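
Squid evaluates http_access lines in order and the first matching line decides the request, so the deny rule above only helps if it appears before any allow rule. The following checker is an added example, not part of the VuXML entry or the Squid advisory; the function name, status strings and sample configurations are constructed for illustration, and the check is deliberately conservative.

```python
"""Check squid.conf text for the gopher workaround (added example)."""


def gopher_workaround_status(conf_text):
    """Return 'blocked', 'allow-before-deny' or 'no-deny'.

    Conservative on purpose: any 'http_access allow' seen before an
    unconditional deny of a gopher proto ACL is reported as a problem,
    even if that allow rule could never match a gopher request.
    """
    gopher_acls = set()
    for raw in conf_text.splitlines():
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue  # blank line or whole-line comment
        if tok[0] == "acl" and len(tok) >= 4 and tok[2] == "proto":
            # e.g. "acl Gopher proto gopher"; remember the ACL name
            if "gopher" in (v.lower() for v in tok[3:]):
                gopher_acls.add(tok[1])
        elif tok[0] == "http_access" and len(tok) >= 3:
            action, conds = tok[1].lower(), tok[2:]
            # Extra ACLs on the same line are ANDed and would narrow the
            # deny, so only a deny on the gopher ACL alone is accepted.
            if action == "deny" and len(conds) == 1 and conds[0] in gopher_acls:
                return "blocked"
            if action == "allow":
                return "allow-before-deny"
    return "no-deny"


# Constructed sample configurations (not taken from a real deployment).
GOOD = """\
acl localnet src 192.168.0.0/255.255.0.0
acl Gopher proto gopher
http_access deny Gopher
http_access allow localnet
"""
LATE = """\
acl localnet src 192.168.0.0/255.255.0.0
acl Gopher proto gopher
http_access allow localnet
http_access deny Gopher
"""
MISSING = "acl Gopher proto gopher\n"

if __name__ == "__main__":
    for name, conf in (("GOOD", GOOD), ("LATE", LATE), ("MISSING", MISSING)):
        print(name, gopher_workaround_status(conf))
```

A result other than "blocked" means the configuration needs a manual look; it does not prove that gopher requests are reachable.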

References

CVE Name CVE-2005-0094
URL http://www.squid-cache.org/Advisories/SQUID-2005_1.txt
URL http://www.squid-cache.org/bugs/show_bug.cgi?id=1189
URL http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-gopher_html_parsing