Netgate Discussion Forum

    PFSense Squid Package - CVE-2018-1000024

    4 Posts 2 Posters 713 Views
    • svinz07

      Hello,

      Is the pfSense squid package affected by CVE-2018-1000024 - Squid Proxy Remote DoS (TCP 3128)?

      Thanks.

      • KOM

        The CVE says that versions up to and including 3.5.27 are affected, and this is the version currently supported by pfSense.

        • svinz07

          Is having firewall rules in place enough, since this is the current version of squid supported?

          Also, is enabling the option Suppress Squid Version enough to hide the squid version?

          Please see attached snapshots.

          Thanks.

          [Attached screenshots: squid.png, squid-version.jpg]

          • KOM

            "Is having firewall rules in place enough, since this is the current version of squid supported?"

            Did you actually read the CVE??

            "The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains an Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy. This attack appears to be exploitable via: Remote server delivers an HTTP response payload containing valid but unusual ESI syntax."

            All this means is that a funny packet can crash squid.  If you want to protect against this via firewall rules, simply block all tcp 80/443 traffic.  You won't be able to use the web at all, but you will be safe from having your squid crashed if you happen to hit the figurative lottery and somehow stumble upon this…

            "Also, is enabling the option Suppress Squid Version enough to hide the squid version?"

            Probably.  Test it and see:

            http://www.lagado.com/proxy-test

            You should suppress squid version, turn off VIA headers, and delete the X-Forwarder header.

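The "test it and see" step above can be done offline before touching a live box. The script below is an added example for this thread, not code from the forum, from pfSense or from Squid: it pulls the headers out of an HTTP message and flags the ones that identify a Squid proxy (Via, X-Cache, X-Cache-Lookup, X-Squid-Error, a Server header mentioning squid) or the client behind it (X-Forwarded-For), and extracts the version string if one is present. The sample messages are constructed to resemble what an unhardened Squid 3.5 emits; the live `probe()` assumes a proxy host/port and an origin host you supply, which are placeholders and not from the thread.

```python
"""What does the proxy give away?  Offline checker plus an optional live probe.

Added example for this thread; not code from the forum, pfSense or Squid.
The HTTP messages below are constructed to resemble what an unhardened
Squid 3.5 emits.  The live probe takes a proxy host/port and an origin host
you control as arguments (placeholders, not from the thread).
"""
import http.client
import re
from email.parser import BytesParser
from typing import Dict, List, Optional, Tuple

# Headers a caching proxy adds that tell a remote site (or a client) that
# Squid sits in the path.  Via and Server may also carry the version string.
TELLTALE_HEADERS = {"via", "x-forwarded-for", "x-cache", "x-cache-lookup", "x-squid-error"}
VERSION_RE = re.compile(r"squid/(\d+(?:\.\d+)*)", re.I)

# Constructed sample: a response as a browser sees it through a default Squid.
LEAKY_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache\r\n"
    b"Content-Type: text/html\r\n"
    b"X-Cache: MISS from pfsense.example.net\r\n"
    b"X-Cache-Lookup: MISS from pfsense.example.net:3128\r\n"
    b"Via: 1.1 pfsense.example.net (squid/3.5.27)\r\n"
    b"Connection: keep-alive\r\n"
    b"\r\n<html></html>"
)

# Constructed sample: the same response from a proxy that adds nothing of its own.
HIDDEN_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache\r\n"
    b"Content-Type: text/html\r\n"
    b"Connection: keep-alive\r\n"
    b"\r\n<html></html>"
)

# Constructed sample: what the origin server receives from a default Squid,
# i.e. what a reflecting page such as the lagado proxy test shows you.
LEAKY_UPSTREAM_REQUEST = (
    b"GET /proxy-test HTTP/1.1\r\n"
    b"Host: www.lagado.com\r\n"
    b"X-Forwarded-For: 10.0.0.25\r\n"
    b"Via: 1.1 pfsense.example.net (squid/3.5.27)\r\n"
    b"\r\n"
)


def header_pairs(raw: bytes) -> List[Tuple[str, str]]:
    """Split a raw HTTP message into (name, value) header pairs; start line and body are dropped."""
    _start, _, rest = raw.partition(b"\r\n")
    head, _, _body = rest.partition(b"\r\n\r\n")
    msg = BytesParser().parsebytes(head, headersonly=True)
    return [(name, value) for name, value in msg.items()]


def disclosures(pairs: List[Tuple[str, str]]) -> Dict[str, str]:
    """Return {header-name: value} for every header that identifies the proxy or the client."""
    found: Dict[str, str] = {}
    for name, value in pairs:
        lname = name.lower()
        if lname in TELLTALE_HEADERS or (lname == "server" and "squid" in value.lower()):
            found[lname] = value.strip()
    return found


def squid_version(pairs: List[Tuple[str, str]]) -> Optional[str]:
    """The Squid version string leaked anywhere in the headers, or None if suppressed."""
    for value in disclosures(pairs).values():
        m = VERSION_RE.search(value)
        if m:
            return m.group(1)
    return None


def probe(proxy_host: str, proxy_port: int, origin_host: str, path: str = "/") -> Dict[str, str]:
    """Live check: fetch a plain-HTTP URL through the proxy and report what the
    reply discloses.  Plain HTTP on purpose: without SSL bumping the proxy only
    tunnels HTTPS (CONNECT) and adds no headers of its own to that response."""
    conn = http.client.HTTPConnection(proxy_host, proxy_port, timeout=10)
    conn.request("GET", f"http://{origin_host}{path}", headers={"Host": origin_host})
    resp = conn.getresponse()
    resp.read()
    return disclosures(resp.getheaders())


if __name__ == "__main__":
    for label, raw in (("default", LEAKY_RESPONSE), ("hardened", HIDDEN_RESPONSE)):
        pairs = header_pairs(raw)
        print(f"{label}: version={squid_version(pairs)} disclosed={disclosures(pairs)}")
    print("origin sees:", disclosures(header_pairs(LEAKY_UPSTREAM_REQUEST)))
```

Two things the checker makes visible that the GUI checkbox alone does not: suppressing the version only removes the "3.5.27" part, and the proxy is still identifiable from Via and X-Cache until Via is switched off as well; and the client's address is exposed to the remote site through X-Forwarded-For, which is why the third setting matters even though it has nothing to do with the version. In squid.conf terms the three settings KOM lists are `httpd_suppress_version_string on`, `via off` and `forwarded_for delete`; how the pfSense package maps its GUI options onto those directives is not shown in this thread, so confirm it in the generated squid.conf on the firewall (assumed to be /usr/local/etc/squid/squid.conf) and then run the live probe against a reflecting page such as the lagado one.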
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.