Check Point Advisories

Preemptive Protection against Squid idnsALookup DNS Name Handling Buffer Overflow (CVE-2013-4115)

Check Point Reference: CPAI-2013-2756
Date Published: 25 Aug 2013
Severity: High
Last Updated: Saturday 20 April, 2024
Source: CVE-2011-3205
Protection Provided by:

Security Gateway
R75
Who is Vulnerable? Squid Project Squid 3.2.x prior to 3.2.12
Squid Project Squid 3.3.x prior to 3.3.7
Vulnerability Description A buffer overflow vulnerability exists in Squid proxy.
Vulnerability DetailsThe vulnerability is due to incorrect data validation. A remote, unauthenticated attacker could exploit this vulnerability by sending a specially crafted request to the Squid proxy. A successful attack attempt could possibly result in the execution of arbitrary code in the security context of the process. An unsuccessful attack will terminate the Squid service creating a denial-of-service condition.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.
No update is required to address this vulnerability

Users are protected against this vulnerability if the HTTP Format Sizes protection found in the Protection section of CPAI-2013-2454 has been applied.

Security Gateway R75 / R71 / R70

  1. In the IPS tab, click Protections and find the HTTP Format Sizes protection. Choose the required profile.
  2. Choose the protection's action (Override IPS Policy with: Prevent/Detect).
  3. Click 'Apply to all HTTP traffic'.
  4. Under 'Specific Header Lengths' click 'Add', configure a header name and set 'Header Max Length' to '253'.
  5. Install policy on all modules.

SmartView Tracker will log the following entries:
Attack Name: Proxy Server Enforcement Violation
Attack Information: Squid Proxy Gopher Response Processing Denial of Service

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK