| Check Point Reference: | CPAI-2005-190 |
| Date Published: | 26 Oct 2009 |
| Last Updated: | 11 Feb 2018 |
| Protection Provided by: | |
| Who is Vulnerable? | |
| Vulnerability Description | Squid is a full-featured, open source web proxy caching server. It supports proxying a variety of protocols, including FTP, Gopher, and HTTP. It also supports the distribution of cached objects through the Web Cache Communication Protocol (WCCP). A vulnerability exists in the way the Squid web proxy/cache parses WCCP messages. A specially crafted WCCP I_SEE_YOU message can trigger a memory access exception. This flaw can be exploited to terminate the vulnerable product, creating a denial of service condition. In most cases, a Squid proxy that receives such a message continues to function without change, because the invalid web cache field does not trigger a memory read exception. In certain cases, however, the process may terminate on a read access error, causing a denial of service. |
This protection will detect and block attempts to exploit this vulnerability.
To activate the protection, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on the Protection tab, and select the version of your choice.
This protection's log will contain the following information:
Attack Name: Proxy Server Enforcement Violation.
Attack Information: Squid WCCP message parsing denial of service
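
One way a receiver can validate the web cache portion of an I_SEE_YOU message before reading any entry, shown as an added example that is not code from Squid or Check Point. The message layout and constants (type value 8, a 32-entry table, 44-byte entries) are assumptions modelled on WCCP version 1, and the function and sample names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed WCCPv1-style layout (not taken from the advisory): five 32-bit
 * big-endian header words (type, version, change, id, number), followed by
 * `number` fixed-size web cache entries. All constants are assumptions. */
#define WCCP_I_SEE_YOU  8u    /* message type */
#define WCCP_MAX_CACHES 32u   /* capacity of the receiver's entry table */
#define WCCP_HDR_LEN    20u
#define WCCP_ENTRY_LEN  44u   /* ip(4) + revision(4) + hash(32) + reserved(4) */

enum { WCCP_SHORT = -1, WCCP_BAD_TYPE = -2, WCCP_BAD_COUNT = -3, WCCP_TRUNCATED = -4 };

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns the validated entry count (0..WCCP_MAX_CACHES) or a negative error.
 * Only after a non-negative return may the caller index that many entries. */
int wccp_i_see_you_count(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < WCCP_HDR_LEN)
        return WCCP_SHORT;
    if (be32(buf) != WCCP_I_SEE_YOU)
        return WCCP_BAD_TYPE;
    uint32_t number = be32(buf + 16);
    /* The count comes from the network: bound it by the table size ... */
    if (number > WCCP_MAX_CACHES)
        return WCCP_BAD_COUNT;
    /* ... and by the bytes actually received (no overflow: number <= 32). */
    if (len - WCCP_HDR_LEN < (size_t)number * WCCP_ENTRY_LEN)
        return WCCP_TRUNCATED;
    return (int)number;
}

/* Constructed sample: valid header, one zeroed entry (20 + 44 bytes). */
static const uint8_t sample_ok[64] = { 0,0,0,8, 0,0,0,4, 0,0,0,1, 0,0,0,0, 0,0,0,1 };

int main(void)
{
    int n = wccp_i_see_you_count(sample_ok, sizeof sample_ok);
    printf("entries=%d\n", n);
    return n == 1 ? 0 : 1;
}
```

A message that fails either bound is dropped before any entry is dereferenced, so a bad count produces an error code rather than an out-of-range read.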