PFSense Squid Package - CVE-2018-1000024



  • Hello,

    Is the pfSense Squid package affected by CVE-2018-1000024 - Squid Proxy Remote DoS (TCP 3128)?

    Thanks.



  • The CVE says that versions up to and including 3.5.27 are affected, and this is the version currently supported by pfSense.



    Is having firewall rules in place enough, since this is the current version of Squid supported?

    Also, is enabling the option Suppress Squid Version enough to hide the Squid version?

    Please see attached snapshots.

    Thanks.

  • Is having firewall rules in place enough, since this is the current version of Squid supported?

    Did you actually read the CVE??

    "The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains an Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy. This attack appears to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax."

    All this means is that a funny packet can crash squid.  If you want to protect against this via firewall rules, simply block all tcp 80/443 traffic.  You won't be able to use the web at all, but you will be safe from having your squid crashed if you happen to hit the figurative lottery and somehow stumble upon this…

    Also, is enabling the option Suppress Squid Version enough to hide the Squid version?

    Probably.  Test it and see:

    http://www.lagado.com/proxy-test

    You should suppress squid version, turn off VIA headers, and delete the X-Forwarder header.
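
Added example, not from the thread: a small POSIX sh check that inspects request headers as an origin server (or a proxy-test page like the one linked above) would receive them, flagging the Via and X-Forwarded-For lines Squid adds and any embedded squid/version string, so you can confirm the settings took effect. The header captures are constructed; that the pfSense options correspond to the squid.conf directives `httpd_suppress_version_string on`, `via off` and `forwarded_for delete` is my assumption about the package, not something the thread states.

```shell
#!/bin/sh
# Added example (not from the original thread). Checks a saved capture of the
# request headers an origin received through the proxy for fields that reveal
# Squid. Assumed squid.conf directives behind the pfSense options:
#   httpd_suppress_version_string on   # no "squid/3.5.27" in headers/error pages
#   via off                            # no "Via: 1.1 host (squid/...)" header
#   forwarded_for delete               # no "X-Forwarded-For: <client ip>" header

# proxy_disclosure_check <file>: prints offending header lines, then a count.
# Returns 1 if anything is disclosed, 0 if the capture is clean.
proxy_disclosure_check() {
    matches=$(grep -i -E '^(Via|X-Forwarded-For):|squid(/[0-9.]+)?' "$1" || true)
    if [ -n "$matches" ]; then
        printf '%s\n' "$matches"
        printf '%s\n' "$matches" | grep -c .   # number of disclosing lines
        return 1
    fi
    echo 0
}

# Constructed sample captures (what a proxy-test page would echo back).
WORK=$(mktemp -d)
LEAKY="$WORK/before.txt"
CLEAN="$WORK/after.txt"

# Default behaviour: Squid announces itself and the client address.
cat > "$LEAKY" <<'EOF'
GET / HTTP/1.1
Host: proxy-test.example
Via: 1.1 gw.lan (squid/3.5.27)
X-Forwarded-For: 192.0.2.10
Cache-Control: max-age=259200
EOF

# After the three settings above: nothing identifies the proxy.
cat > "$CLEAN" <<'EOF'
GET / HTTP/1.1
Host: proxy-test.example
Cache-Control: max-age=259200
EOF

echo "before hardening:"; proxy_disclosure_check "$LEAKY" || true   # 2 lines flagged
echo "after hardening:";  proxy_disclosure_check "$CLEAN"           # 0
```

Point the same function at headers captured from your own proxy (for example the echo from the proxy-test page above saved to a file) after changing the settings.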