I've been informed by our security department that we have two vulnerabilities on a squid reverse proxy I have running. It's running squid-2.5.STABLE3 on Red Hat AS 4.0.

The first issue concerns squid identifying itself on port 80. If you telnet to the squid proxy on port 80, then type "get /", squid returns the message "Server: squid/2.5.STABLE3" (see Fig. 1).

Fig. 1

    $ telnet 62.245.42.120 80
    Trying 62.245.42.120...
    Connected to 62.245.42.120.
    Escape character is '^]'.
    get /
    HTTP/1.0 400 Bad Request
    Server: squid/2.5.STABLE3
    Mime-Version: 1.0
    Date: Mon, 05 Jun 2006 13:45:50 GMT
    Content-Type: text/html
    Content-Length: 1216
    Expires: Mon, 05 Jun 2006 13:45:50 GMT
    X-Squid-Error: ERR_INVALID_REQ 0
    X-Cache: MISS from www.superiorinfo.com
    Proxy-Connection: close

You can see that it clearly identifies itself as a SQUID Proxy version 2.5.Stable3.

The second issue concerns using telnet to connect to port 80 on the same squid proxy server, and issuing a "CONNECT localhost:22 HTTP/1.0". You can see in Fig. 2 listed below that this connects to ssh on port 22:

Fig. 2

    $ telnet 62.245.42.120 80
    Trying 62.245.42.120...
    Connected to 62.245.42.120.
    Escape character is '^]'.
    CONNECT localhost:22 HTTP/1.0
    HTTP/1.0 200 Connection established
    SSH-2.0-OpenSSH_3.6.1p2
    Protocol mismatch.
    Connection closed by foreign host.

For the ssh connection issue I modified the hosts.deny and hosts.allow files, which resolved the 2nd issue.

Is there a way to NOT return the "Server: squid/2.5.STABLE3" message as in Fig. 1 when connecting to squid using telnet on port 80? And of less importance, is it possible to prevent squid from allowing connecting to ssh on port 22 of the localhost?

-Thanks
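Added example, not part of the original post: an offline check that parses the two transcripts from Fig. 1 and Fig. 2 and reports the findings they show (a versioned Server header, and a CONNECT that succeeds to a loopback host or a non-TLS port), so the same check can be rerun on a captured response after a configuration change. The function names, the TLS_PORTS allow-list and the FIXED response are assumptions constructed for illustration.

```python
import re

# Assumption: CONNECT is only legitimate to these TLS ports.
TLS_PORTS = {443, 563}
LOOPBACK = re.compile(r"^(localhost|127(\.\d+){3}|\[?::1\]?)$", re.I)
VERSION = re.compile(r"^[\w.-]+/\d[\w.]*")  # product/version, e.g. squid/2.5.STABLE3

# Transcribed from Fig. 1 of the post (headers abridged).
FIG1 = """HTTP/1.0 400 Bad Request
Server: squid/2.5.STABLE3
Mime-Version: 1.0
X-Squid-Error: ERR_INVALID_REQ 0
Proxy-Connection: close
"""
# Transcribed from Fig. 2; the blank line ending the headers is assumed.
FIG2 = """HTTP/1.0 200 Connection established

SSH-2.0-OpenSSH_3.6.1p2
Protocol mismatch.
"""
# Constructed sample of a response after hardening (not from the post).
FIXED = "HTTP/1.0 403 Forbidden\nServer: squid\n\n"

def parse_response(raw):
    """Return (status code, lower-cased header dict) from a raw HTTP response."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:  # blank line or tunnelled data: headers are over
            break
        headers[name.strip().lower()] = value.strip()
    return status, headers

def audit(request_line, raw_response):
    """List the findings for one request/response pair."""
    findings = []
    status, headers = parse_response(raw_response)
    server = headers.get("server", "")
    if VERSION.match(server):
        findings.append("version-disclosure: Server: " + server)
    parts = request_line.split()
    if len(parts) > 1 and parts[0].upper() == "CONNECT" and 200 <= status < 300:
        host, _, port = parts[1].rpartition(":")
        if LOOPBACK.match(host):
            findings.append("connect-loopback: " + parts[1])
        if not port.isdigit() or int(port) not in TLS_PORTS:
            findings.append("connect-non-tls-port: " + parts[1])
    return findings
```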