Fleximus Blog

  

Matthieu Bouthors from #IHTeam.net has discovered that squidGuard 1.4 is vulnerable to multiple buffer overflow attacks. An attacker might, for example, use a buffer close to 4096 characters to push squidGuard into emergency mode and bypass all filter rules.

squidGuard is URL filtering software that is often used with Squid, the (caching) proxy server. It is licensed under the GNU Public License.

CVE-2009-3700 is currently in the reviewing state.
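The bypass described above happens because over-long input makes the filter fail open. The following is an added example, not squidGuard's code or its fix: a redirector-style line reader that detects a request longer than its buffer, drains it and blocks it. The `URL client ident method` line layout, the 4096-byte `MAX_LINE`, and the names `next_verdict` and `sample_requests` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_LINE 4096  /* assumed buffer size, from the length quoted in the post */

enum verdict { V_PASS, V_BLOCK, V_END };

/* Read one "URL client ident method" line; never trust that it fits. */
enum verdict next_verdict(FILE *in, const char *blocked)
{
    char line[MAX_LINE];
    if (fgets(line, sizeof line, in) == NULL)
        return V_END;
    size_t len = strlen(line);
    if (len == 0)
        return V_BLOCK;                      /* line starts with NUL: malformed */
    if (line[len - 1] != '\n' && len == sizeof line - 1) {
        int c;                               /* line was truncated by fgets */
        while ((c = fgetc(in)) != EOF && c != '\n')
            ;                                /* drain the rest to stay in sync */
        return V_BLOCK;                      /* fail closed, do not pass it on */
    }
    line[strcspn(line, " \n")] = '\0';       /* keep only the URL field */
    return strstr(line, blocked) ? V_BLOCK : V_PASS;
}

/* Constructed sample: allowed, blocked, over-long, then allowed again. */
FILE *sample_requests(void)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return NULL;
    fputs("http://example.org/ 192.0.2.1/- - GET\n", f);
    fputs("http://blocked.example/x 192.0.2.1/- - GET\n", f);
    fputs("http://example.org/", f);
    for (int i = 0; i < 5000; i++)
        fputc('a', f);
    fputs(" 192.0.2.1/- - GET\n", f);
    fputs("http://example.org/after 192.0.2.1/- - GET\n", f);
    rewind(f);
    return f;
}

int main(void)
{
    static const char *name[] = { "pass", "block", "end" };
    FILE *f = sample_requests();
    enum verdict v;
    while (f != NULL && (v = next_verdict(f, "blocked.example")) != V_END)
        puts(name[v]);
    return 0;
}
```

The fourth request is evaluated normally, which shows that draining the over-long line keeps the reader aligned with the request stream instead of treating the remainder as a new request.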