[12327] in bugtraq
[squid] external authentication security issue
daemon@ATHENA.MIT.EDU (Oezguer Kesim)
Mon Oct 25 16:04:13 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19991025203036.A1366@kesim.dialup.fu-berlin.de>
Date: Mon, 25 Oct 1999 20:30:36 +0200
Reply-To: Oezguer Kesim <oec@CODEBLAU.DE>
From: Oezguer Kesim <oec@CODEBLAU.DE>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
Holla,
two weeks ago I found a security bug in squid, a web proxy cache, freely
available at http://squid.nlanr.net/
Here you find the short Buglog-entry as shown at
http://squid.nlanr.net/Versions/v2/2.2/bugs/
Please note that the bug applies whenever a external authenticator is used.
cheers,
Oezguer Kesim
oec@codeblau.de
Newlines in passwords confuses the authenticator program
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Platforms All
Versions 2.2.STABLE5 and earlier
Synopsis After decoding the base64 encoded "user:password" pair
given by the client, squid doesn't strip out any '\n' or
'\r' found in the resulting string. Given such a string,
any external authenticator will receive two lines instead
of one, and most probably send two results. Now, any
subsequent authentification exchange will has its answer
shifted by one. Therefore, a malicious user can gain
access to sites he or she should not have access to.
Reported by Oezguer Kesim (oec@codeblau.de)
Patch http://squid.nlanr.net/Versions/v2/2.2/bugs/
squid-2.2.stable5-newlines_in_auth.patch
Status Fixed in 2.3 branch.
