Cache poisoning vulnerability 3.5.23

Omid Kosari
Hello,

Recently I have seen some cache poisoning, especially on Android captive portal detection sites.
My Squid was 3.5.19 (from https://packages.debian.org/stretch/squid) on Ubuntu Linux 16.04. Then I upgraded to the latest version, 3.5.23 (from https://packages.debian.org/stretch/squid), and purged the specific pages, but I can again see cache poisoning on the same pages.

http://connectivitycheck.gstatic.com/generate_204
http://clients3.google.com/generate_204
http://172.217.20.206/generate_204
http://clients1.google.com/generate_204
http://google.com/generate_204

Re: Cache poisoning vulnerability 3.5.23

Omid Kosari
In my experience, if you see any output from the following command, you may be a victim:

grep -a 'generate_204' /var/log/squid/access.log | grep -v '/204 ' | grep -v '/000' | grep -v opera | grep -v ucweb | grep -v apple

Re: Cache poisoning vulnerability 3.5.23

Amos Jeffries
Administrator
On 26/07/17 23:33, Omid Kosari wrote:
> By my experience if you see any output from following command you may be a
> victim
>
> grep -a 'generate_204' /var/log/squid/access.log | grep -v '/204 ' | grep -v
> '/000' | grep -v opera | grep -v ucweb | grep -v apple
>

OR, you have Android clients on your network doing network
troubleshooting tests.

Cache poisoning (if it is that) is a serious security issue. Please
bring the details of security problems to the *squid-bugs* mailing list
so it can be investigated and solved, rather than blind-siding everyone
with a public announcement like this.

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
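
An added example, not part of the original thread: the grep command quoted above prints every non-204 answer to a generate_204 probe, whether Squid served it from its cache or fetched it upstream in that transaction. Assuming Squid's default native access.log format, this script groups those lines by status and by whether the result code indicates a cache hit; the sample log lines, client addresses and peer address are constructed.

```shell
#!/bin/sh
# Added example. Assumes the default "squid" logformat:
#   time elapsed client result_code/status bytes method URL user hier/peer type
# The opera/ucweb/apple exclusions from the thread's grep are not reproduced.

# Read access.log lines on stdin. For generate_204 requests answered with a
# status other than 204 or 000, print "count source status URL", where source
# says whether the result code marks a reply served from cache.
triage_generate_204() {
    awk '
        $7 ~ /generate_204/ {
            split($4, r, "/")                 # r[1]=result code, r[2]=HTTP status
            if (r[2] == "204" || r[2] == "000") next
            src = (r[1] ~ /HIT|UNMODIFIED/) ? "from-cache" : "not-from-cache"
            n[src " " r[2] " " $7]++
        }
        END { for (k in n) print n[k], k }
    ' | sort -k1,1nr
}

# Constructed sample log (documentation-range addresses, invented sizes).
sample_log() {
    cat <<'EOF'
1501068000.101     35 192.0.2.10 TCP_MISS/204 221 GET http://connectivitycheck.gstatic.com/generate_204 - HIER_DIRECT/203.0.113.10 -
1501068001.202      1 192.0.2.11 TCP_HIT/200 5120 GET http://connectivitycheck.gstatic.com/generate_204 - HIER_NONE/- text/html
1501068002.303      0 192.0.2.12 TCP_MEM_HIT/200 5120 GET http://connectivitycheck.gstatic.com/generate_204 - HIER_NONE/- text/html
1501068003.404     48 192.0.2.13 TCP_MISS/302 410 GET http://clients3.google.com/generate_204 - HIER_DIRECT/203.0.113.10 text/html
1501068004.505      0 192.0.2.14 TCP_MISS_ABORTED/000 0 GET http://clients3.google.com/generate_204 - HIER_DIRECT/203.0.113.10 -
EOF
}

# Demo run on the constructed sample; on a real proxy use:
#   triage_generate_204 < /var/log/squid/access.log
sample_log | triage_generate_204
```

Lines marked from-cache are the ones to compare against the stored object; lines marked not-from-cache were answered by whatever was upstream at the time of the request.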

Re: Cache poisoning vulnerability 3.5.23

Omid Kosari
Amos Jeffries wrote:
> Cache poisoning (if it is that) is a serious security issue. Please
> bring the details of security problems to the *squid-bugs* mailing list
> so it can be investigated and solved, rather than blind-siding everyone
> with a public announcement like this.
>
> Amos

I tried that before posting here, but my message was not accepted after hours, so I then posted here.
I'll try again there.