Squid Buffer Overflow Vulnerability in SNMP OID Processing

A stack-based buffer overflow vulnerability has been identified in Squid Web Proxy Cache versions through 7.1. This issue arises in the SNMP message processing component, specifically within the 'asn_build_objid' function of the 'lib/snmplib/asn1.c' file. The vulnerability is related to the improper handling of ASN.1 encoding for long SNMP Object Identifiers (OIDs), which can be exploited to cause a denial-of-service condition by overwriting the stack.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, causing a denial-of-service condition by crashing the Squid process after overwriting the stack.

Reproduction

The vulnerability can be reproduced by sending SNMP messages containing long OIDs to a Squid server listening on the default SNMP port. This can be done using an SNMP management tool or script that allows the specification of OID values. The Squid server must be configured to accept SNMP messages, and the 'snmpHandleUdp' function will process the incoming packet, triggering the buffer overflow.

Remediation

Users can upgrade to Squid version 7.1.1 or later, where this vulnerability has been fixed.