Issue could affect other processes on the same machine

Oct 29, 2018 16:26 GMT

Squid's development team has released a security update on October 27 patching a Denial of Service (DoS) SNMP processing issue and a Cross-Site Scripting (XSS) issue in TLS error processing.

Squid, a fully-featured HTTP/1.0 proxy, provides authorization and logging features for web proxies and Internet-facing applications, and it can be installed and used on a multitude of platforms, from Linux-based machines to Windows computers, as well as macOS-powered workstations using the Fink package manager.

"Many of you are using Squid without even knowing it! Some companies have embedded Squid in their home or office firewall devices, others use Squid in large-scale web proxy installations to speed up broadband and dialup internet access," says Squid's About page. "Squid is being increasingly used in content delivery architectures to deliver static and streaming video/audio to internet users worldwide."

According to the SQUID-2018:5 security advisory, the vulnerability is caused by a memory leak in the SNMP query rejection code, which can lead to a DoS condition by allowing a remote attacker to "consume all memory available to the Squid process, causing it to crash."

Squid's developers have already fixed the issue in the Squid 4.4 release, and they also provide patches addressing the bug for the Squid 3.5 and Squid 4 stable releases.

The DoS security issue has been fixed in the Squid 4.4 release and patches are available for the 3.5 and 4 stable versions

"In environments where per-process memory restrictions are not enforced strictly or configured to large values, this may also affect other processes operating on the same machine. Leading to a much worse denial of service situation," also says the advisory.

However, the DoS vulnerability, including its knock-on effect on other processes, only affects Squid instances with SNMP support enabled that are also receiving SNMP traffic.

This also means Squid users can apply the workarounds suggested by the development team: removing the snmp_port and related configuration settings eliminates the vulnerability, while enabling firewall inspection of SNMP packets reduces the risk.

If you want to find the version of your Squid installation and its build options, you can use the following command:

    squid -v

Moreover, to determine whether the snmp_port is configured, issue this command:

    squid -k parse | grep snmp_port

As reported by Squid's development team, all Squid versions from 3.2.0.10 up to 3.5.28, as well as the 4.x releases up to and including 4.3, are vulnerable to this denial of service issue in SNMP processing.
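To turn the two checks above and the advisory's version ranges into one repeatable triage step, here is an added Python example (not code from the article or from the Squid project). It assumes the version and the configure options are read from the output of squid -v and the snmp_port directive from squid.conf; both are supplied here as constructed samples rather than captured from a real host.

```python
import re

# Affected ranges as quoted from the SQUID-2018:5 advisory: 3.2.0.10 up to 3.5.28,
# and 4.x up to 4.3 (fixed in 4.4). Shorter versions are right-padded with zeros.
AFFECTED = [("3.2.0.10", "3.5.28"), ("4.0", "4.3")]

# Constructed sample inputs (not captured from a real host).
SAMPLE_SQUID_V = """Squid Cache: Version 3.5.23
configure options:  '--prefix=/usr' '--enable-snmp' '--with-openssl'
"""
SAMPLE_CONF = """http_port 3128
# snmp_port 3401   <- commented out, so not active
snmp_port 3401
"""

def parse_version(text: str) -> tuple:
    """First dotted version in the text (works on raw 'squid -v' output), padded to 4 parts."""
    m = re.search(r"\d+(?:\.\d+)+", text)
    if not m:
        raise ValueError("no version number found")
    parts = tuple(int(p) for p in m.group(0).split("."))
    return parts + (0,) * (4 - len(parts))

def version_affected(version: str) -> bool:
    """True if the version lies inside one of the advisory's affected ranges."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED)

def built_with_snmp(squid_v_output: str) -> bool:
    """Assumption: SNMP code is compiled in only when the build used --enable-snmp."""
    return "--enable-snmp" in squid_v_output

def snmp_port_configured(squid_conf: str) -> bool:
    """True if an uncommented, non-zero snmp_port directive is present in squid.conf."""
    for line in squid_conf.splitlines():
        m = re.match(r"\s*snmp_port\s+(\d+)", line)
        if m and int(m.group(1)) != 0:
            return True
    return False

def triage(version: str, squid_v_output: str, squid_conf: str) -> str:
    """Combine the three checks into the verdict an administrator needs."""
    if not version_affected(version):
        return "not affected: version outside the advisory range"
    if not built_with_snmp(squid_v_output):
        return "not affected: built without SNMP support"
    if not snmp_port_configured(squid_conf):
        return "not exposed: no active snmp_port (still apply the patch)"
    return "EXPOSED: patch, or remove snmp_port; firewall SNMP traffic meanwhile"
```

On a real host, pass the output of squid -v as both the version and the build-options argument, and the contents of squid.conf as the third.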

We managed to discover roughly 612,000 servers running the 3.5.23, 3.3.4, and 3.5.27 Squid vulnerable versions, while only two servers running the patched Squid 4.4 were detected in a subsequent scan.