BID:12433

Squid Proxy Malformed HTTP Header Parsing Cache Poisoning Vulnerability

Info

Squid Proxy Malformed HTTP Header Parsing Cache Poisoning Vulnerability

Bugtraq ID:	12433
Class:	Input Validation Error
CVE:	CVE-2005-0175
Remote:	Yes
Local:	No
Published:	Feb 02 2005 12:00AM
Updated:	Feb 22 2007 02:16AM
Credit:	The individual or individuals responsible for the discovery of this issue are currently unknown; the vendor disclosed this issue.
Vulnerable:	SuSE Linux 8.1 Squid Web Proxy Cache 2.5 .STABLE7 + Gentoo Linux + Redhat Fedora Core3 + Redhat Fedora Core2 Squid Web Proxy Cache 2.5 .STABLE6 + Mandriva Linux Mandrake 10.1 x86_64 + S.u.S.E. Linux Personal 9.2 x86_64 + S.u.S.E. Linux Personal 9.2 + Turbolinux Appliance Server 1.0 Workgroup Edition + Turbolinux Appliance Server 1.0 Hosting Edition + Turbolinux Appliance Server Hosting Edition 1.0 + Turbolinux Appliance Server Workgroup Edition 1.0 + Turbolinux Turbolinux Server 10.0 + Turbolinux Turbolinux Server 8.0 + Turbolinux Turbolinux Server 7.0 + Turbolinux Turbolinux Workstation 8.0 + Turbolinux Turbolinux Workstation 7.0 Squid Web Proxy Cache 2.5 .STABLE5 + S.u.S.E. Linux Personal 9.1 x86_64 + S.u.S.E. Linux Personal 9.1 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 Squid Web Proxy Cache 2.5 .STABLE4 + MandrakeSoft Corporate Server 3.0 + Mandriva Linux Mandrake 10.0 AMD64 + Mandriva Linux Mandrake 10.0 + OpenPKG OpenPKG 2.0 + OpenPKG OpenPKG Current Squid Web Proxy Cache 2.5 .STABLE3 + Mandriva Linux Mandrake 9.2 amd64 + Mandriva Linux Mandrake 9.2 + OpenPKG OpenPKG 1.3 + Redhat Desktop 3.0 + Redhat Enterprise Linux AS 3 + Redhat Enterprise Linux ES 3 + Redhat Enterprise Linux WS 3 + Redhat Fedora Core1 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 Squid Web Proxy Cache 2.5 .STABLE1 + Mandriva Linux Mandrake 9.1 ppc + Mandriva Linux Mandrake 9.1 + S.u.S.E. Linux Personal 8.2 Squid Web Proxy Cache 2.4 .STABLE7 + MandrakeSoft Corporate Server 2.1 x86_64 + MandrakeSoft Corporate Server 2.1 + MandrakeSoft Multi Network Firewall 2.0 + Redhat Enterprise Linux AS 2.1 IA64 + Redhat Enterprise Linux AS 2.1 + Redhat Enterprise Linux ES 2.1 IA64 + Redhat Enterprise Linux ES 2.1 + Redhat Enterprise Linux WS 2.1 IA64 + Redhat Enterprise Linux WS 2.1 + Redhat Linux Advanced Work Station 2.1 Squid Web Proxy Cache 2.4 .STABLE6 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 Squid Web Proxy Cache 2.4 .STABLE2 Squid Web Proxy Cache 2.4 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 Squid Web Proxy Cache 2.3 .STABLE5 Squid Web Proxy Cache 2.3 .STABLE4 Squid Web Proxy Cache 2.1 PATCH2 Squid Web Proxy Cache 2.0 PATCH2 SGI ProPack 3.0 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 Redhat Linux 9.0 i386 Redhat Linux 7.3 i386 Redhat Fedora Core2 Redhat Fedora Core1 Astaro Security Linux 4.0 17 Astaro Security Linux 4.0 16 Astaro Security Linux 4.0 08 Astaro Security Linux 3.217 Astaro Security Linux 3.2 16 Astaro Security Linux 3.2 15 Astaro Security Linux 3.2 12 Astaro Security Linux 3.2 11 Astaro Security Linux 3.2 10 Astaro Security Linux 3.2 00 Astaro Security Linux 2.0 30 Astaro Security Linux 2.0 27 Astaro Security Linux 2.0 26 Astaro Security Linux 2.0 25 Astaro Security Linux 2.0 24 Astaro Security Linux 2.0 23 Astaro Security Linux 2.0 16

Not Vulnerable:

Discussion

Squid Proxy Malformed HTTP Header Parsing Cache Poisoning Vulnerability

Squid Proxy is reported prone to a cache-poisoning vulnerability when processing malformed HTTP requests and responses. This issue results from insufficient sanitization of user-supplied data.

Squid versions 2.5 and earlier are reported prone to this issue.

Exploit / POC

Squid Proxy Malformed HTTP Header Parsing Cache Poisoning Vulnerability

An exploit is not required.

Solution / Fix

Squid Proxy Malformed HTTP Header Parsing Cache Poisoning Vulnerability

Solution:
Please see the referenced vendor advisories for more information and fixes.

Squid Web Proxy Cache 2.4 .STABLE7

Mandrake squid-2.4.STABLE7-1.2.M82mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.4.STABLE7-2.1.C21mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.4.STABLE7-2.1.C21mdk.x86_64.rpm
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.4.STABLE7-2.2.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.4.STABLE7-2.2.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.4.STABLE7-2.3.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.4.STABLE7-2.3.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.4.STABLE7-2.4.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.4.STABLE7-2.4.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.4.STABLE7-2.5.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.4.STABLE7-2.5.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/x86_64
http://www.mandrakesecure.net/en/ftp.php

SuSE squid-2.4.STABLE7-288.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/squid-2.4.STABLE7 -288.i586.rpm

Squid Web Proxy Cache 2.4 .STABLE6

Debian squid-cgi_2.4.6-2woody6_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2 woody6_alpha.deb

Debian squid-cgi_2.4.6-2woody6_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2 woody6_arm.deb

Debian squid-cgi_2.4.6-2woody6_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2 woody6_hppa.deb

Debian squid-cgi_2.4.6-2woody6_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2 woody6_i386.deb

Debian squid-cgi_2.4.6-2woody6_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2 woody6_ia64.deb

Debian squid-cgi_2.4.6-2woody6_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2 woody6_m68k.deb

Debian squid-cgi_2.4.6-2woody6_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2 woody6_mips.deb

Debian squid-cgi_2.4.6-2woody6_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2 woody6_mipsel.deb

Debian squid-cgi_2.4.6-2woody6_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2 woody6_powerpc.deb

Debian squid-cgi_2.4.6-2woody6_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2 woody6_s390.deb

Debian squid-cgi_2.4.6-2woody6_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2 woody6_sparc.deb

Debian squid_2.4.6-2woody6_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2wood y6_alpha.deb

Debian squid_2.4.6-2woody6_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2wood y6_arm.deb

Debian squid_2.4.6-2woody6_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2wood y6_hppa.deb

Debian squid_2.4.6-2woody6_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2wood y6_i386.deb

Debian squid_2.4.6-2woody6_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2wood y6_ia64.deb

Debian squid_2.4.6-2woody6_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2wood y6_m68k.deb

Debian squid_2.4.6-2woody6_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2wood y6_mips.deb

Debian squid_2.4.6-2woody6_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2wood y6_mipsel.deb

Debian squid_2.4.6-2woody6_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2wood y6_powerpc.deb

Debian squid_2.4.6-2woody6_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2wood y6_s390.deb

Debian squid_2.4.6-2woody6_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2wood y6_sparc.deb

Debian squidclient_2.4.6-2woody6_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6 -2woody6_alpha.deb

Debian squidclient_2.4.6-2woody6_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6 -2woody6_arm.deb

Debian squidclient_2.4.6-2woody6_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6 -2woody6_hppa.deb

Debian squidclient_2.4.6-2woody6_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6 -2woody6_i386.deb

Debian squidclient_2.4.6-2woody6_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6 -2woody6_ia64.deb

Debian squidclient_2.4.6-2woody6_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6 -2woody6_m68k.deb

Debian squidclient_2.4.6-2woody6_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6 -2woody6_mips.deb

Debian squidclient_2.4.6-2woody6_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6 -2woody6_mipsel.deb

Debian squidclient_2.4.6-2woody6_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6 -2woody6_powerpc.deb

Debian squidclient_2.4.6-2woody6_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6 -2woody6_s390.deb

Debian squidclient_2.4.6-2woody6_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6 -2woody6_sparc.deb

RedHat squid-2.4.STABLE7-0.73.3.legacy.i386.rpm
Red Hat Linux 7.3:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/squid-2.4.STA BLE7-0.73.3.legacy.i386.rpm

Squid Web Proxy Cache 2.4 .STABLE2

Mandrake squid-2.4.STABLE7-1.3.M82mdk.i586.rpm
Mandrake Multi Network Firewall 8.2
http://www.mandrakesecure.net/en/ftp.php

Squid Web Proxy Cache 2.5 .STABLE4

Mandrake squid-2.5.STABLE4-1.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-1.2.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-1.2.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-2.1.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-2.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-2.2.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-2.2.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-2.3.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-2.3.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-2.3.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-2.4.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-2.4.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-2.4.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-2.4.C30mdk.x86_64.rpm
Mandrake Corporate Server 3.0/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-2.5.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-2.5.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-2.5.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE4-2.5.C30mdk.x86_64.rpm
Mandrake Corporate Server 3.0/x86_64
http://www.mandrakesecure.net/en/ftp.php

Squid Web Proxy Cache 2.5 .STABLE7

Squid squid-2.5.STABLE7-header_parsing.patch
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-head er_parsing.patch

Squid Web Proxy Cache 2.5 .STABLE6

Fedora squid-2.5.STABLE9-1.FC3.6.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora squid-2.5.STABLE9-1.FC3.6.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora squid-debuginfo-2.5.STABLE9-1.FC3.6.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora squid-debuginfo-2.5.STABLE9-1.FC3.6.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Mandrake squid-2.5.STABLE6-2.2.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE6-2.2.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE6-2.3.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE6-2.3.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE6-2.4.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php

SuSE squid-2.5.STABLE6-6.6.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/squid-2.5.STABLE6 -6.6.i586.rpm

SuSE squid-2.5.STABLE6-6.6.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/squid-2.5.STA BLE6-6.6.x86_64.rpm

TurboLinux squid-2.5.STABLE6-18.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/up dates/RPMS/squid-2.5.STABLE6-18.i586.rpm

TurboLinux squid-2.5.STABLE6-18.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/upd ates/RPMS/squid-2.5.STABLE6-18.i586.rpm

TurboLinux squid-2.5.STABLE6-18.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/upd ates/RPMS/squid-2.5.STABLE6-18.i586.rpm

TurboLinux squid-2.5.STABLE6-18.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 7/updates/RPMS/squid-2.5.STABLE6-18.i586.rpm

TurboLinux squid-2.5.STABLE6-18.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 8/updates/RPMS/squid-2.5.STABLE6-18.i586.rpm

TurboLinux squid-debug-2.5.STABLE6-18.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/up dates/RPMS/squid-debug-2.5.STABLE6-18.i586.rpm

Squid Web Proxy Cache 2.5 .STABLE1

RedHat squid-2.5.STABLE1-9.10.legacy.i386.rpm
Red Hat Linux 9:
http://download.fedoralegacy.org/redhat/9/updates/i386/squid-2.5.STABL E1-9.10.legacy.i386.rpm

SuSE squid-2.5.STABLE1-106.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/squid-2.5.STABLE1 -106.i586.rpm

Squid Web Proxy Cache 2.5 .STABLE3

Mandrake squid-2.5.STABLE3-3.1.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE3-3.1.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE3-3.2.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE3-3.2.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE3-3.3.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE3-3.3.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE3-3.4.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE3-3.4.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE3-3.5.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE3-3.5.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE3-3.6.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE3-3.6.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE3-3.7.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake squid-2.5.STABLE3-3.7.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php

RedHat squid-2.5.STABLE3-2.fc1.6.legacy.i386.rpm
Fedora Core 1:
http://download.fedoralegacy.org/fedora/1/updates/i386/squid-2.5.STABL E3-2.fc1.6.legacy.i386.rpm

SuSE squid-2.5.STABLE3-118.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/squid-2.5.STABLE3 -118.i586.rpm

SuSE squid-2.5.STABLE3-118.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/squid-2.5.STA BLE3-118.x86_64.rpm

Squid Web Proxy Cache 2.5 .STABLE5

Conectiva squid-2.5.5-63116U10_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-2.5.5-63116U10_8cl.i 386.rpm

Conectiva squid-2.5.5-76327U90_10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/squid-2.5.5-76327U90_10cl.i 386.rpm

Conectiva squid-auth-2.5.5-63116U10_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-auth-2.5.5-63116U10_ 8cl.i386.rpm

Conectiva squid-auth-2.5.5-76327U90_10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/squid-auth-2.5.5-76327U90_1 0cl.i386.rpm

Conectiva squid-extra-templates-2.5.5-63116U10_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-extra-templates-2.5. 5-63116U10_8cl.i386.rpm

Conectiva squid-extra-templates-2.5.5-76327U90_10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/squid-extra-templates-2.5.5 -76327U90_10cl.i386.rpm

RedHat squid-2.5.STABLE9-1.FC2.4.legacy.i386.rpm
Fedora Core 2:
http://download.fedoralegacy.org/fedora/2/updates/i386/squid-2.5.STABL E9-1.FC2.4.legacy.i386.rpm

SuSE squid-2.5.STABLE5-42.27.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/squid-2.5.STABLE5 -42.27.i586.rpm

SuSE squid-2.5.STABLE5-42.27.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/squid-2.5.STA BLE5-42.27.x86_64.rpm

Ubuntu squid-cgi_2.5.5-6ubuntu0.4_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5. 5-6ubuntu0.4_amd64.deb

Ubuntu squid-cgi_2.5.5-6ubuntu0.4_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5. 5-6ubuntu0.4_i386.deb

Ubuntu squid-cgi_2.5.5-6ubuntu0.4_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5. 5-6ubuntu0.4_powerpc.deb

Ubuntu squid-common_2.5.5-6ubuntu0.4_all.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.5 -6ubuntu0.4_all.deb

Ubuntu squid_2.5.5-6ubuntu0.4_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubunt u0.4_amd64.deb

Ubuntu squid_2.5.5-6ubuntu0.4_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubunt u0.4_i386.deb

Ubuntu squid_2.5.5-6ubuntu0.4_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubunt u0.4_powerpc.deb

Ubuntu squidclient_2.5.5-6ubuntu0.4_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2. 5.5-6ubuntu0.4_amd64.deb

Ubuntu squidclient_2.5.5-6ubuntu0.4_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2. 5.5-6ubuntu0.4_i386.deb

Ubuntu squidclient_2.5.5-6ubuntu0.4_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2. 5.5-6ubuntu0.4_powerpc.deb

SGI ProPack 3.0

SGI Patch10144
http://support.sgi.com/

References

Squid Proxy Malformed HTTP Header Parsing Cache Poisoning Vulnerability

References:

Reject malformed HTTP requests and responses that conflict with the HTTP specifi (Squid)
RHSA-2005:061-19 - Updated Squid package fixes security issues (RedHat)
Squid Web Proxy Cache Homepage (Squid)
Up2Date 5.200 (Astaro)