[squid-users] Cache poisoning vulnerability 3.5.23

Amos Jeffries squid3 at treenet.co.nz
Wed Jul 26 20:09:57 UTC 2017


On 26/07/17 23:33, Omid Kosari wrote:
> By my experience if you see any output from following command you may be a
> victim
> 
> grep -a 'generate_204' /var/log/squid/access.log | grep -v '/204 ' | grep -v
> '/000' | grep -v opera | grep -v ucweb | grep -v apple
> 

OR, you have Android clients on your network doing network 
troubleshooting tests.

Cache poisoning (if it is that) is a serious security issue. Please 
bring the details of security problems to the *squid-bugs* mailing list 
so it can be investigated and solved, rather than blind-siding everyone 
with a public announcement like this.

Amos


More information about the squid-users mailing list