Alex Masterov has reported a vulnerability in Squid,
which potentially can be exploited by malicious people
to cause a DoS.
The vulnerability is caused by an unspecified error
in the "sslConnectTimeout()" function after handling
malformed requests. This may be exploited to crash Squid.
CAN-2005-2796
- Malicious users may spoof DNS lookups if the DNS client UDP port (random,
assigned by OS at startup) is unfiltered and your network is not protected
from IP spoofing.
- CVE-1999-0710, adds access controls to the cachemgr.cgi script, preventing
it from being abused to reach servers other than those allowed in a local
configuration file.
A parsing error exists in the SNMP module of Squid where a
specially-crafted UDP packet can potentially cause the server to
restart, closing all current connections.
- add snmp FLAVOR from Joel CARNAT <joel at carnat dot net>
- add some auth types and auth/acl helpers
- add NTLM auth SMB patch even though the default port does NOT compile this support in