Squid SSL-DoS


Squid is a popular open-source caching and forwarding proxy. It can be used in a variety of ways, one of which is a feature called ‘bump’. There’s a denial-of-service (DoS) vulnerability in Squid’s ‘bump’ feature that occurs due to a failure to properly validate input. A specially crafted client or server ‘hello’ message can trigger this unauthenticated DoS vulnerability.

Squid provides an SSL-bump feature to allow man-in-the-middle SSL connections. The vulnerability is triggered specifically when the ‘hello’ message has an extension length that’s greater than 32767. The variable that stores this length is an unsigned short. Thus, when a number larger than 32767 is provided, the extension’s value decreases in size. This leads to an infinite loop, high CPU utilization and eventually a denial of service due to resource exhaustion.
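The failure mode above comes from tracking a 16-bit wire length in a narrow variable while looping over extensions. As an added example (not Squid's code and not part of the original advisory), here is a bounds-checked walk over a TLS extensions block that keeps every length in size_t, advances on every iteration, and flags declared lengths above the 32767 threshold the advisory names; the function, enum and macro names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Threshold named in the advisory; larger declared lengths are flagged. */
#define EXT_LEN_SUSPICIOUS 32767u

enum ext_status { EXT_OK = 0, EXT_TRUNCATED = -1, EXT_OVERRUN = -2 };

/* Read a big-endian 16-bit field into size_t so it can never wrap or go negative. */
static size_t be16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Walk an extensions block: 2-byte total length, then repeated
 * (2-byte type, 2-byte length, data) entries. buf/len are the bytes actually
 * received. Names here are hypothetical, not taken from Squid. */
int walk_extensions(const uint8_t *buf, size_t len, size_t *count, int *suspicious)
{
    *count = 0;
    *suspicious = 0;
    if (len < 2) return EXT_TRUNCATED;
    size_t total = be16(buf);
    *suspicious = total > EXT_LEN_SUSPICIOUS;
    if (total > len - 2) return EXT_TRUNCATED;        /* declares more than was received */
    size_t off = 2, end = 2 + total;
    while (off < end) {
        if (end - off < 4) return EXT_OVERRUN;        /* no room for an entry header */
        size_t elen = be16(buf + off + 2);
        if (elen > end - off - 4) return EXT_OVERRUN; /* entry runs past the block */
        off += 4 + elen;                              /* advances >= 4 bytes: loop must end */
        (*count)++;
    }
    return EXT_OK;
}

int main(void)
{
    /* Constructed sample: two well-formed entries (9 bytes of extensions). */
    const uint8_t ok[] = {0x00,0x09, 0x00,0x00,0x00,0x01,0xAA, 0x00,0x17,0x00,0x00};
    /* Constructed sample: declares 32768 bytes but carries only two. */
    const uint8_t big[] = {0x80,0x00, 0x00,0x00};
    size_t n; int s;
    int rc = walk_extensions(ok, sizeof ok, &n, &s);
    printf("ok:  rc=%d entries=%zu suspicious=%d\n", rc, n, s);
    rc = walk_extensions(big, sizeof big, &n, &s);
    printf("big: rc=%d entries=%zu suspicious=%d\n", rc, n, s);
    return 0;
}
```

Every subtraction in the loop is guarded by the check before it, so no length can underflow, and a malformed block is rejected instead of being re-read.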

Dell SonicWall has the following signature that protects our customers from this attack:

  • IPS 11239 : Squid SSL-DoS