Check Point Advisories

Squid WCCP Message Parsing Denial Of Service (CVE-2005-0095)

Check Point Reference: CPAI-2005-190
Date Published: 26 Oct 2009
Severity: Medium
Last Updated: 11 Feb 2018
Industry Reference: CVE-2005-0095
Protection Provided by:

Security Gateway
R80, R77, R75

Who is Vulnerable?

Vulnerability Description

Squid is a full-featured, open source web proxy caching server. It supports the proxying of a variety of protocols including FTP, Gopher, and HTTP. It also supports the distribution of cached objects through the Web Cache Communication Protocol (WCCP). A vulnerability exists in the way the Squid web proxy/cache parses a WCCP message. A specially crafted WCCP I_SEE_YOU message can trigger a memory access exception. This flaw can be exploited to terminate the vulnerable product, creating a denial of service condition. In most cases, a Squid proxy that receives such a message continues to operate with no change in functionality, because the invalid web cache field does not trigger a memory read exception. However, in certain attack cases, the process may terminate on a read access error, causing a denial of service.
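
The description above attributes the crash to an invalid web cache field in a WCCP I_SEE_YOU message. The following is an added example, not Check Point's or Squid's code, of the bounds validation a parser needs before it reads the web cache list. The WCCP version 1 layout and constants (message type 8, 20-byte header, 44-byte cache entries, at most 32 caches) and all function names are assumptions that do not come from this advisory.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed WCCP version 1 layout; these values are not given in the advisory. */
#define WCCP_I_SEE_YOU     8u   /* message type */
#define WCCP_HEADER_LEN    20u  /* type, version, change, id, number */
#define WCCP_ENTRY_LEN     44u  /* ip, revision, 32-byte hash, reserved */
#define WCCP_ACTIVE_CACHES 32u  /* capacity of the receiver's cache list */

enum wccp_check { WCCP_OK, WCCP_ERR_SHORT, WCCP_ERR_TYPE,
                  WCCP_ERR_COUNT, WCCP_ERR_TRUNCATED };

/* Read a 32-bit network-order field without alignment assumptions. */
static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Validate an I_SEE_YOU datagram before anything indexes its cache list.
 * On WCCP_OK, *count is the number of entries that are safe to read. */
enum wccp_check wccp_check_i_see_you(const unsigned char *buf, size_t len,
                                     uint32_t *count)
{
    if (len < WCCP_HEADER_LEN)
        return WCCP_ERR_SHORT;          /* fixed header incomplete */
    if (be32(buf) != WCCP_I_SEE_YOU)
        return WCCP_ERR_TYPE;
    uint32_t n = be32(buf + 16);        /* "number of web caches" field */
    if (n > WCCP_ACTIVE_CACHES)
        return WCCP_ERR_COUNT;          /* would index past the list */
    if ((size_t)n * WCCP_ENTRY_LEN > len - WCCP_HEADER_LEN)
        return WCCP_ERR_TRUNCATED;      /* entries claimed but not received */
    *count = n;
    return WCCP_OK;
}

/* Constructed sample: check a zero-filled I_SEE_YOU datagram of `len` bytes
 * whose cache-count field is `number` (len is capped at the buffer size). */
enum wccp_check wccp_check_sample(uint32_t number, size_t len)
{
    unsigned char msg[WCCP_HEADER_LEN + WCCP_ACTIVE_CACHES * WCCP_ENTRY_LEN] = {0};
    uint32_t count = 0;
    msg[3] = WCCP_I_SEE_YOU;
    for (int i = 0; i < 4; i++)
        msg[16 + i] = (unsigned char)(number >> (24 - 8 * i));
    return wccp_check_i_see_you(msg, len < sizeof msg ? len : sizeof msg, &count);
}
```

A receiver that drops every datagram for which the check returns anything other than `WCCP_OK` never reads past the entries it actually received.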

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

To activate the protection, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on the Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections, use the Search tool to find the Squid WCCP Message Parsing Denial Of Service protection, then edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Proxy Server Enforcement Violation.
Attack Information:  Squid WCCP message parsing denial of service
