SquidGuard



  squidGuard Advisory: SG-2007-04-15


Two bypass vulnerabilities fixed
Date: 15 April 2007

Affected versions: < 1.2.1
Corrected in version 1.2.1

Description:
  1. Multiple slash bypass vulnerability
    By supplying multiple slashes in a URL, it is possible to bypass the filter and access blocked sites.
    Credits:
    Special thanks to Alberto Colosi for reporting this error and Mark Clayton (mark_clayton (at) users.sourceforge.net) for fixing it.

  2. Encoding bypass vulnerability
    A bug has been found and fixed in the URL decoding method. By substituting one or more parts of a URL with ASCII codes, the filter could be bypassed.

Corrected version available at:
http://www.squidguard.org/Downloads/squidGuard-1.2.1.tar.gz
(MD5: b6700f59c48fde5ad4d12f871acba93a)
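
Both issues above come down to the filter matching a spelling of the URL that differs from its canonical form. The following C code is an added example, not squidGuard's code or its 1.2.1 fix: it canonicalises a URL (one pass of percent-decoding, repeated slashes collapsed) before comparing it with a blocklist. It assumes the "ascii code" substitution refers to %XX percent-encoding; `normalize_url`, `is_blocked` and the blocklist entries are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Canonicalise "host/path": one pass of %XX decoding, then collapse runs of
 * '/'. Returns 0, or -1 on a decoded NUL or if out is too small. */
int normalize_url(const char *in, char *out, size_t outlen) {
    size_t o = 0;
    while (*in) {
        int c = (unsigned char)*in++, hi, lo;
        if (c == '%' && (hi = hexval((unsigned char)in[0])) >= 0 &&
                        (lo = hexval((unsigned char)in[1])) >= 0) {
            c = hi * 16 + lo;
            in += 2;
        }
        if (c == 0 || o + 1 >= outlen) return -1;
        if (c == '/' && o > 0 && out[o - 1] == '/') continue;
        out[o++] = (char)c;
    }
    if (outlen == 0) return -1;
    out[o] = '\0';
    return 0;
}

/* Constructed blocklist entries, stored in canonical form. */
static const char *blocklist[] = { "blocked.example/games", "ads.example" };

/* 1 = blocked, 0 = allowed, -1 = cannot be normalised (treat as blocked). */
int is_blocked(const char *url) {
    char canon[512];
    if (normalize_url(url, canon, sizeof canon) != 0) return -1;
    for (size_t i = 0; i < sizeof blocklist / sizeof *blocklist; i++) {
        size_t n = strlen(blocklist[i]);
        if (strncmp(canon, blocklist[i], n) == 0 &&
            (canon[n] == '\0' || canon[n] == '/')) return 1;
    }
    return 0;
}

int main(void) {
    printf("%d\n", is_blocked("blocked.example//games/%63hess"));
    return 0;
}
```

The match is anchored on a path boundary, so an entry for `/games` does not also catch `/gamesroom`, and a URL that cannot be normalised is reported separately so the caller can deny it.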





  © Powered by Shalla Secure Services KG 2007-2012