Wednesday, 24 June 2026

Squidbleed Bug Exposes 29-Year Security Vulnerability

A critical security vulnerability nicknamed 'Squidbleed' has been discovered in the Squid web proxy, a flaw that has existed undetected for nearly three decades. Tracked as CVE-2026-47729, this bug allows authorised proxy users to intercept fragments of cleartext HTTP requests from other users, potentially exposing sensitive information such as login credentials and session tokens. What makes this discovery particularly noteworthy is that the security researcher credited Anthropic's Claude Mythos Preview artificial intelligence system with identifying the vulnerability.


The vulnerability primarily affects shared network environments where Squid proxy is commonly deployed, including schools, offices, and public Wi-Fi networks. However, the exploit requires specific conditions to be met. The attacker must already have legitimate access to the proxy as a trusted client, meaning random internet users cannot exploit this flaw. Additionally, the vulnerability only affects traffic that Squid can actually read in cleartext, such as unencrypted HTTP requests or TLS-terminating configurations where Squid decrypts and inspects traffic. Standard HTTPS connections that use CONNECT tunnels remain protected as Squid cannot see inside these encrypted channels.

To successfully exploit Squidbleed, an attacker also needs the proxy to reach an FTP server under their control on port 21; FTP support and access to port 21 are both enabled by default in Squid configurations. The fix itself is relatively straightforward, involving a null-terminator check before vulnerable strchr calls. However, some confusion has emerged regarding which versions contain the patch, with maintainer Amos Jeffries initially stating version 7.6 included the fix, then correcting this to version 7.7, whilst Debian's Salvatore Bonaccorso noted the relevant commit appears present in version 7.6.

Security experts recommend that organisations verify the fix is properly implemented rather than simply checking version numbers, particularly since different Linux distributions may ship their own builds with backported patches. The most effective mitigation strategy, according to researchers, is to disable FTP functionality entirely. Modern browsers like Chromium dropped FTP support years ago, and FTP traffic on most networks is negligible, making this a practical solution that eliminates the attack surface regardless of which Squid version is running. SUSE has rated the vulnerability as moderate severity with a CVSS score of 6.5, noting that whilst the risk is real, it requires low-level privileges and only impacts confidentiality without affecting system integrity or availability.
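One way to check that the FTP mitigation described above is actually in effect, as an added example (not from the original article or the Squid project): a small Python audit of a squid.conf. It assumes Squid's standard `acl ... proto FTP` and `http_access deny` directives and the `Safe_ports` ACL name used in Squid's default configuration; the sample configs and the names `audit_ftp` and `covers_21` are constructed for illustration.

```python
# Constructed sample configs (not from the article or any real deployment).
MITIGATED = """\
acl localnet src 10.0.0.0/8
acl Safe_ports port 80 443
acl ftp_req proto FTP
http_access deny ftp_req
http_access deny !Safe_ports
http_access allow localnet
http_access deny all
"""
# Same rules, but the FTP deny now sits after an allow rule.
MISORDERED = MITIGATED.replace("http_access deny ftp_req\n", "").replace(
    "http_access deny all", "http_access deny ftp_req\nhttp_access deny all")
# No FTP rule at all, and port 21 falls inside a Safe_ports range.
UNMITIGATED = """\
acl localnet src 10.0.0.0/8
acl Safe_ports port 80 20-21 443
http_access deny !Safe_ports
http_access allow localnet
http_access deny all
"""

def covers_21(specs):
    """True if any port or lo-hi range in specs includes port 21."""
    for s in specs:
        lo, _, hi = s.partition("-")
        if lo.isdigit() and (hi or lo).isdigit() and int(lo) <= 21 <= int(hi or lo):
            return True
    return False

def audit_ftp(conf):
    """Check that FTP requests are denied before any http_access allow rule."""
    ftp_acls, safe_21, denied, seen_allow = set(), False, False, False
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "proto":
            if any(p.upper() == "FTP" for p in tok[3:]):
                ftp_acls.add(tok[1])
        elif len(tok) >= 4 and tok[0] == "acl" and tok[2] == "port":
            safe_21 |= tok[1] == "Safe_ports" and covers_21(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            if tok[1] == "allow":
                seen_allow = True
            # http_access is first-match-wins: the deny must come before any
            # allow, and the FTP ACL must be its only condition.
            elif tok[1] == "deny" and len(tok) == 3 and tok[2] in ftp_acls:
                denied |= not seen_allow
    return {"ftp_denied_first": denied, "port21_in_safe_ports": safe_21}
```

The audit reads only the configuration text passed to it; include files and distribution-specific defaults have to be fed in separately.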

Original source: https://it.slashdot.org/story/26/06/23/2025211/29-year-old-squid-proxy-bug-squidbleed-can-leak-cleartext-http-requests?utm_source=rss1.0mainlinkanon&utm_medium=feed


Article generated by LaRebelionBOT
