vulnerability alert CVE-2012-3501
SquidClamav: denial of service via URL
Synthesis of the vulnerability
An attacker can use a URL containing special characters to stop SquidClamav, for example in order to get malware past the antivirus scan.
Impacted products: Unix (platform).
Severity: 2/4.
Creation date: 17/08/2012.
Identifiers: CVE-2012-3501, VIGILANCE-VUL-11866.
Description of the vulnerability
The SquidClamav program is an interface between the Squid proxy and the ClamAV antivirus.
The SquidGuard program blocks access to some URLs.
When SquidClamav and SquidGuard are used simultaneously, SquidGuard hands over URLs that are not re-escaped (containing for example %0A instead of %250A). After decoding, SquidClamav therefore writes this character (a line feed) into its command tunnel. The SquidClamav state thus becomes inconsistent, and the next query stops it.
An attacker can therefore use a URL containing special characters to stop SquidClamav, for example in order to get malware past the antivirus scan.
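The failure mode above is a classic one: a value is percent-decoded once, and the decoded form contains a control character that a line-oriented command channel interprets as a message boundary. The following added example (not SquidClamav's or ClamAV's own code; the `SCAN` line format, the function names and the sample URLs are constructed for illustration) contrasts a naive command builder with one that rejects any decoded URL carrying control characters, so that a double-encoded `%250A` passes through as the literal text `%0A` while a single-encoded `%0A` can never become a stray line feed in the channel.

```python
from urllib.parse import unquote

# Characters that a newline-delimited command channel would interpret
# as a record boundary or that commonly corrupt line-based protocols.
# Anything below 0x20 (C0 controls) and 0x7f (DEL) is treated as forbidden.
def has_control_chars(value: str) -> bool:
    """True if the string contains any ASCII control character."""
    return any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value)


def decode_once(url: str) -> str:
    """Percent-decode the URL exactly one time, as a front-end usually does.

    "%250A" -> "%0A" (still harmless text), "%0A" -> "\n" (a real line feed).
    """
    return unquote(url)


def naive_build_scan_command(url: str) -> str:
    """Constructed 'before' version: decode and format without validation.

    A single-encoded %0A in the URL yields a command spanning two lines,
    which desynchronises a reader that expects one command per line.
    """
    return f"SCAN {decode_once(url)}\n"


def build_scan_command(url: str) -> str:
    """Hardened version: refuse to emit a command if the decoded URL would
    inject control characters into the line-oriented channel."""
    decoded = decode_once(url)
    if has_control_chars(decoded):
        raise ValueError("decoded URL contains control characters; refusing to build command")
    return f"SCAN {decoded}\n"


def command_line_count(command: str) -> int:
    """How many protocol lines a command string actually occupies."""
    return command.count("\n")


if __name__ == "__main__":
    # Constructed sample URLs: the first is double-encoded and safe to pass on,
    # the second is single-encoded and would smuggle a line feed.
    safe_url = "http://example.invalid/path%250Afile"
    unsafe_url = "http://example.invalid/path%0Afile"

    print(repr(naive_build_scan_command(safe_url)))    # one line, '%0A' kept as text
    print(repr(naive_build_scan_command(unsafe_url)))  # two lines: channel desynchronised
    try:
        build_scan_command(unsafe_url)
    except ValueError as exc:
        print("rejected:", exc)
```

The check belongs at the boundary where the decoded value is written into the channel, not at the HTTP layer, because the upstream component (here SquidGuard) cannot be relied on to escape consistently.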