11 matches found
The vulnerability of the Squid proxy server arises from insufficient validation of input data in the ext_lm_group_acl. This allows a hacker to terminate the Squid process and cause a service failure for all clients that use the proxy.
The vulnerability of the Squid proxy server exists due to insufficient validation of input data in ext_lm_group_acl. Exploiting this vulnerability could allow a malicious actor to terminate the Squid process remotely and cause service failures for all clients using the proxy...
openSUSE Security Update : squid (openSUSE-2020-606)
This update for squid to version 4.10 fixes the following issues : Security issues fixed : - CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway bsc1162689. - CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy bsc1162687. - CVE-2020-8450: Fixed a buff...
Security update for squid (moderate)
openSUSE Security Update: Security update for squid Announcement ID: openSUSE-SU-2020:0606-1 Rating: moderate References: 1162687 1162689 1162691 Cross-References: CVE-2019-12528 CVE-2020-8449 CVE-2020-8450 CVE-2020-8517 Affected Products: openSUSE Leap 15.1 An update that fixes four...
SUSE SLES12 Security Update : squid (SUSE-SU-2020:0661-1)
This update for squid fixes the following issues : CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway bsc1162689. CVE-2019-12526: Fixed potential remote code execution during URN processing bsc1156326. CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in URI...
openSUSE Security Update : squid (openSUSE-2020-307)
This update for squid to version 4.10 fixes the following issues : Security issues fixed : - CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway bsc1162689. - CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy bsc1162687. - CVE-2020-8450: Fixed a buff...
Security update for squid (moderate)
openSUSE Security Update: Security update for squid Announcement ID: openSUSE-SU-2020:0307-1 Rating: moderate References: 1162687 1162689 1162691 Cross-References: CVE-2019-12528 CVE-2020-8449 CVE-2020-8450 CVE-2020-8517 Affected Products: openSUSE Leap 15.1 An update that fixes four...
SUSE SLES12 Security Update : squid (SUSE-SU-2020:0487-1)
This update for squid to version 4.10 fixes the following issues : Security issues fixed : CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway bsc1162689. CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy bsc1162687. CVE-2020-8450: Fixed a buffer...
SUSE SLES15 Security Update : squid (SUSE-SU-2020:0493-1)
This update for squid to version 4.10 fixes the following issues : Security issues fixed : CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway bsc1162689. CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy bsc1162687. CVE-2020-8450: Fixed a buffer...
Squid ext_lm_group_acl out-of-bounds write vulnerability
Squid is a suite of proxy server and web caching server software. An out-of-bounds write vulnerability exists in Squid ext_lm_group_acl parsing of NTLM authentication credentials, which can be exploited by a remote attacker to submit a special request to obtain sensitive information or conduct a...
Squid -- multiple vulnerabilities
The Squid developers report: Improper Input Validation issues in HTTP Request processing CVE-2020-8449, CVE-2020-8450. Information Disclosure issue in FTP Gateway CVE-2019-12528. Buffer Overflow issue in ext_lm_group_acl helper CVE-2020-8517...
Internet Bug Bounty: Buffer Overflow in ext_lm_group_acl helper
Summary: Due to incorrect buffer management, ext_lm_group_acl is vulnerable to a denial of service attack when processing NTLM Authentication credentials. This problem is limited to installations using the ext_lm_group_acl binary. Affected Versions: Squid 2.x - 2.7.STABLE9 Squid 3.x - 3.5.28 Squid 4.x - 4...