The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Squid ICAP

vulnerability bulletin 8573

Squid 3: denial of service via ICAP

Summary of the vulnerability

An authenticated attacker can cause a denial of service when Squid uses ICAP.
Impacted products: Squid, Squid ICAP.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: user account.
Creation date: 30/03/2009.
Identifiers: BID-34277, VIGILANCE-VUL-8573.

Description of the vulnerability

Squid implements ICAP (Internet Content Adaptation Protocol, RFC 3507), which is used, for example, to have an antivirus scan web documents.

Data flows through the ICAP server and Squid, and then from Squid to the web client. However, if the web client does not read the data, Squid still continues to read it from the ICAP server and stores it in memory. If the document transferred via ICAP is large, Squid therefore uses a large amount of memory.

An authenticated attacker can therefore initiate the transfer of a large file and then stop reading data, in order to force Squid to keep the file in memory. By opening several parallel sessions, an attacker can thus progressively create a denial of service on Squid.

This vulnerability is similar to VIGILANCE-VUL-7402, which impacted the Squid 2 implementation.

vulnerability announcement 7402

Squid 2: denial of service via ICAP

Summary of the vulnerability

An authenticated attacker can force ICAP to consume all of the proxy's memory.
Impacted products: Squid, Squid ICAP.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: user account.
Creation date: 11/12/2007.
Identifiers: VIGILANCE-VUL-7402.

Description of the vulnerability

The ICAP protocol (Internet Content Adaptation Protocol, RFC 3507) makes it possible to change how the proxy handles streams, for example to transmit data to an antivirus.

When a user clicks on a file to download, but waits without indicating where to save it, the file's data is transferred via ICAP but is not transmitted to the user. This temporary data is stored only in memory.

An attacker can therefore request that Squid download a large file and wait for its data to exhaust the proxy's memory. The authenticated attacker can thus create a denial of service.
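The buffering behaviour described in both bulletins can be modelled in a few lines. This is an added example, not Squid code and not the fix Squid shipped: the `Relay` class, the `simulate` function, the 65536-byte high-water mark and the sample sizes are all assumptions chosen for illustration. It compares an unbounded relay with one that stops reading from the ICAP side while its buffer is full.

```python
class Relay:
    """Toy model of a proxy relaying an adapted body to a client (hypothetical names)."""

    def __init__(self, high_water=None):
        # high_water=None models the unbounded buffering the bulletins describe;
        # an integer caps buffered bytes (value chosen for illustration).
        self.high_water = high_water
        self.buf = bytearray()
        self.peak = 0

    def wants_upstream(self):
        # Backpressure: stop reading from the ICAP side while the buffer is full.
        return self.high_water is None or len(self.buf) < self.high_water

    def on_upstream_chunk(self, chunk):
        self.buf += chunk
        self.peak = max(self.peak, len(self.buf))

    def on_client_read(self, accept):
        # The client drains at most `accept` bytes; 0 means it has stalled.
        sent = min(accept, len(self.buf))
        del self.buf[:sent]
        return sent


def simulate(total, chunk, client_reads, high_water=None):
    """Return (peak_buffered, delivered, left_upstream), one tick per client read."""
    relay, left, delivered = Relay(high_water), total, 0
    for accept in client_reads:
        if left and relay.wants_upstream():
            n = min(chunk, left)
            relay.on_upstream_chunk(bytes(n))
            left -= n
        delivered += relay.on_client_read(accept)
    return relay.peak, delivered, left


if __name__ == "__main__":
    stalled = [0] * 300  # constructed input: a client that never reads
    print("unbounded:", simulate(1_000_000, 4096, stalled))
    print("bounded:  ", simulate(1_000_000, 4096, stalled, high_water=65536))
    print("reading:  ", simulate(1_000_000, 4096, [4096] * 300, high_water=65536))
```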