Red Hat Advisory: Potential misuse of squid cachemgr.cgi | Linux Today

Red Hat Advisory: Potential misuse of squid cachemgr.cgi

Written By
Web Webster
Web Webster
Jul 30, 1999
---------------------------------------------------------------------
           Red Hat, Inc. Security Advisory

Synopsis:       Potential misuse of squid cachemgr.cgi
Advisory ID:        RHSA-1999:025-01
Issue date:     1999-07-29
Updated on:
Keywords:       squid cachemgr.cgi connect
Cross references:
---------------------------------------------------------------------

1. Topic:

cachemgr.cgi, the manager interface to Squid, is installed by
default in /home/httpd/cgi-bin. If a web server (such as apache) is
running, this can allow remote users to sent connect() requests
from the local machine to arbitrary hosts and ports.

2. Bug IDs fixed:

3. Relevant releases/architectures:

Red Hat Linux 6.0, all architectures
Red Hat Linux 5.2, all architectures

4. Obsoleted by:

5. Conflicts with:

6. RPMs required:

Red Hat Linux 6.0:

Intel:
ftp://updates.redhat.com/6.0/i386/squid-2.2.STABLE4-5.i386.rpm

Alpha:
ftp://updates.redhat.com/6.0/alpha/squid-2.2.STABLE4-5.alpha.rpm

Sparc:
ftp://updates.redhat.com/6.0/sparc/squid-2.2.STABLE4-5.sparc.rpm

Source packages:
ftp://updates.redhat.com/6.0/SRPMS/squid-2.2.STABLE4-5.src.rpm

Red Hat Linux 5.2:

Intel:
ftp://updates.redhat.com/5.2/i386/squid-2.2.STABLE4-0.5.2.i386.rpm

Alpha:
ftp://updates.redhat.com/5.2/alpha/squid-2.2.STABLE4-0.5.2.alpha.rpm

Sparc:
ftp://updates.redhat.com/5.2/sparc/squid-2.2.STABLE4-0.5.2.sparc.rpm

Source packages:
ftp://updates.redhat.com/5.2/SRPMS/squid-2.2.STABLE4-0.5.2.src.rpm

7. Problem description:

A remote user could enter a hostname/IP address and port number,
and the cachemgr CGI would attempt to connect to that host and
port, printing the error if it fails.

8. Solution:

For each RPM for your particular architecture, run:

rpm -Uvh <filename>

where filename is the name of the RPM.

Alternatively, you can simply disable the cachemgr.cgi, by
editing your http daemons access control files or deleting/moving
the cachemgr.cgi binary.

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.