Squid Malformed Host Name Error Message Information Disclosure

This script is Copyright (C) 2004-2011 Tenable Network Security, Inc.


Synopsis :

The remote service is vulnerable to information disclosure.

Description :

The remote host running a Squid proxy on this port.

There is a vulnerability in the remote version of this software which may
allow an attacker to disclose the content of its memory by causing the
use of a freed pointer.

See also :

http://bugs.squid-cache.org/show_bug.cgi?id=1143

Solution :

Apply the vendor released patch, for squid it is located here:
www.squid-cache.org. You can also protect yourself by enabling
access lists on your proxy.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:H/RL:OF/RC:ND)
Public Exploit Available : true

Family: Firewalls

Nessus Plugin ID: 15929 ()

Bugtraq ID: 11865

CVE ID: CVE-2004-2479