vulnerability alert CVE-2012-3501
SquidClamav: denial of service via URL
Synthesis of the vulnerability
An attacker can use an url containing special characters, to stop SquidClamav, in order for example to transmit a malware.Impacted products:
Description of the vulnerability
The SquidClamav program is an interface between the Squid proxy and the Clam AV antivirus.
The SquidGuard program forbids the access to some urls.
When SquidClamav and SquidGuard are used simultneously, SquidGuard provides unescaped urls (containing for example %0A instead of %250A), which forces SquidClamav to add this character (a line feed) in its command tunnel. The SquidClamav state thus becomes inconsistent, and the next query stops it.
An attacker can therefore use an url containing special characters, to stop SquidClamav, in order for example to transmit a malware.Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides a computer vulnerability alert
. The technology watch team tracks security threats targeting the computer system. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.