[squid-users] CVE-2009-0801

dc dc.sqml at ntcomputer.de
Fri Dec 18 19:52:27 UTC 2015


please help me to understand the issue of CVE-2009-0801. Description of
the CVE:

"Squid, when transparent interception mode is enabled, uses the HTTP
Host header to determine the remote endpoint, which allows remote
attackers to bypass access controls for Flash, Java, Silverlight, and
probably other technologies, and possibly communicate with restricted
intranet sites, via a crafted web page that causes a client to send HTTP
requests with a modified Host header."

Looking at the source code, to mitigate this issue client_dst_passthru is
effectively enforced even when client_dst_passthru is set to off in the
configuration, when a mismatch between the DNS-resolved addresses and the
original request destination address is detected.

I do not really understand what a possible attack could look like. Could
you provide an example?

Many thanks!


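The mismatch check the post describes, written out as an added example (this is not Squid's code; the hostname table standing in for DNS, the function names and the decision type are all constructed for illustration): the original TCP destination of the intercepted connection is compared with what the Host header resolves to, and the Host header is only trusted when the two agree.

```python
"""Illustration of the CVE-2009-0801 mitigation described in the post.

Added example, not Squid's own code. In transparent interception mode the
proxy knows the address the client actually connected to (the intercepted
destination). If the Host header does not resolve to that address, the
Host header is ignored and the request is forwarded to the original
destination, i.e. client_dst_passthru behaviour is forced.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed stand-in for DNS; real code would query the resolver.
FAKE_DNS: Dict[str, List[str]] = {
    "www.example.com": ["203.0.113.10", "203.0.113.11"],
    "cdn.example.com": ["203.0.113.10"],
}


def fake_resolve(host: str) -> List[str]:
    """Return the (constructed) A records for host, or [] if unknown."""
    return FAKE_DNS.get(host, [])


@dataclass
class ForwardDecision:
    destination: str   # where the proxy will actually connect
    passthru: bool     # True when the Host header was not trusted


def choose_destination(intercepted_dst: str, host_header: str,
                       resolve: Callable[[str], List[str]] = fake_resolve,
                       client_dst_passthru: bool = False) -> ForwardDecision:
    """Decide where an intercepted request is forwarded.

    client_dst_passthru=True always keeps the original destination. With it
    off, the Host header is honoured only if it resolves to the address the
    client connected to; on a mismatch passthru is forced anyway.
    """
    hostname = host_header.split(":", 1)[0].strip().lower()
    if client_dst_passthru:
        return ForwardDecision(intercepted_dst, True)
    if intercepted_dst in resolve(hostname):
        # Host header agrees with the TCP destination: safe to use it.
        return ForwardDecision(hostname, False)
    # Mismatch: the Host header names somewhere the client never connected
    # to, so ignore it and keep the original destination.
    return ForwardDecision(intercepted_dst, True)
```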