ID CVE-2014-7141 Type cve Reporter cve@mitre.org Modified 2016-11-28T19:12:00
Description
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.
{"ubuntu": [{"lastseen": "2020-07-02T11:33:43", "bulletinFamily": "unix", "cvelist": ["CVE-2014-7141", "CVE-2014-7142"], "description": "Sebastian Krahmer discovered that the Squid pinger incorrectly handled \ncertain malformed ICMP packets. A remote attacker could possibly use this \nissue to cause Squid to crash, resulting in a denial of service.", "edition": 5, "modified": "2014-11-25T00:00:00", "published": "2014-11-25T00:00:00", "id": "USN-2422-1", "href": "https://ubuntu.com/security/notices/USN-2422-1", "title": "Squid vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:55", "bulletinFamily": "software", "cvelist": ["CVE-2014-7141", "CVE-2014-7142"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2422-1\r\nNovember 25, 2014\r\n\r\nsquid3 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 14.10\r\n- Ubuntu 14.04 LTS\r\n\r\nSummary:\r\n\r\nSquid could be made to crash if it received specially crafted network\r\ntraffic.\r\n\r\nSoftware Description:\r\n- squid3: Web proxy cache server\r\n\r\nDetails:\r\n\r\nSebastian Krahmer discovered that the Squid pinger incorrectly handled\r\ncertain malformed ICMP packets. A remote attacker could possibly use this\r\nissue to cause Squid to crash, resulting in a denial of service.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 14.10:\r\n squid3 3.3.8-1ubuntu8.1\r\n\r\nUbuntu 14.04 LTS:\r\n squid3 3.3.8-1ubuntu6.2\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2422-1\r\n CVE-2014-7141, CVE-2014-7142\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/squid3/3.3.8-1ubuntu8.1\r\n https://launchpad.net/ubuntu/+source/squid3/3.3.8-1ubuntu6.2\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2014-11-30T00:00:00", "published": "2014-11-30T00:00:00", "id": "SECURITYVULNS:DOC:31410", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31410", "title": "[USN-2422-1] Squid vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "cvelist": ["CVE-2014-7141", "CVE-2014-7142"], "description": "DoS and information disclosure in pinger service.", "edition": 1, "modified": "2014-11-30T00:00:00", "published": "2014-11-30T00:00:00", "id": "SECURITYVULNS:VULN:14112", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14112", "title": "squid security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-20T15:28:04", "description": "Sebastian Krahmer discovered that the Squid pinger incorrectly handled\ncertain malformed ICMP packets. A remote attacker could possibly use\nthis issue to cause Squid to crash, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "published": "2014-11-26T00:00:00", "title": "Ubuntu 14.04 LTS / 14.10 : squid3 vulnerabilities (USN-2422-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7141", "CVE-2014-7142"], "modified": "2014-11-26T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:squid3", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2422-1.NASL", "href": "https://www.tenable.com/plugins/nessus/79576", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2422-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79576);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-7141\", \"CVE-2014-7142\");\n script_bugtraq_id(69688, 70022);\n script_xref(name:\"USN\", value:\"2422-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 14.10 : squid3 vulnerabilities (USN-2422-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Sebastian Krahmer discovered that the Squid pinger incorrectly handled\ncertain malformed ICMP packets. A remote attacker could possibly use\nthis issue to cause Squid to crash, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2422-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected squid3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:squid3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"squid3\", pkgver:\"3.3.8-1ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"squid3\", pkgver:\"3.3.8-1ubuntu8.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"squid3\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-01-07T10:56:29", "description": "The remote host is affected by the vulnerability described in GLSA-201411-11\n(Squid: Multiple vulnerabilities)\n\n An assertion failure in processing of SSL-Bump has been found in Squid.\n Heap based overflow is discovered when processing SNMP requests.\n \nImpact :\n\n A remote attacker could send a specially crafted request, possibly\n resulting in a executing of arbitrary code or Denial of Service\n condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 21, "published": "2014-11-28T00:00:00", "title": "GLSA-201411-11 : Squid: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7141", "CVE-2014-0128", "CVE-2014-7142"], "modified": "2014-11-28T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:squid"], "id": "GENTOO_GLSA-201411-11.NASL", "href": "https://www.tenable.com/plugins/nessus/79609", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201411-11.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79609);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-0128\", \"CVE-2014-7141\", \"CVE-2014-7142\");\n script_bugtraq_id(66112, 69688, 70022);\n script_xref(name:\"GLSA\", value:\"201411-11\");\n\n script_name(english:\"GLSA-201411-11 : Squid: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201411-11\n(Squid: Multiple vulnerabilities)\n\n An assertion failure in processing of SSL-Bump has been found in Squid.\n Heap based overflow is discovered when processing SNMP requests.\n \nImpact :\n\n A remote attacker could send a specially crafted request, possibly\n resulting in a executing of arbitrary code or Denial of Service\n condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201411-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Squid users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-proxy/squid-3.3.13-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:squid\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-proxy/squid\", unaffected:make_list(\"ge 3.3.13-r1\"), vulnerable:make_list(\"lt 3.3.13-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Squid\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-04-01T06:24:43", "description": "According to its banner, the version of Squid running on the remote\nhost is 3.x prior to 3.4.8. Therefore, it may be affected by the\nfollowing vulnerabilities :\n\n - A off-by-one overflow flaw exists within the SNMP\n processing component. By using a specially crafted\n UDP SNMP request, a remote attacker could exploit this\n to cause a denial of service or possibly execute\n arbitrary code. (CVE-2014-6270)\n\n - There exists an array indexing flaw in the node pinger\n that is triggered when parsing ICMP and ICMPv6 replies,\n which may allow a remote attacker to crash the pinger or\n obtain sensitive information. (CVE-2014-7141)\n\n - The node pinger has a flaw in function 'Icmp4::Recv' in\n file 'icmp/Icmp4.cc.' that is triggered when parsing\n ICMP or ICMPv6 responses. A remote attacker could\n exploit this to crash the pinger or obtain sensitive\n information. (CVE-2014-7142)\n\nNote that Nessus has relied only on the version in the proxy server's\nbanner. The patch released to address the issue does not update the\nversion in the banner. If the patch has been applied properly, and the\nservice has been restarted, consider this to be a false positive.", "edition": 27, "published": "2014-12-05T00:00:00", "title": "Squid 3.x < 3.4.8 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7141", "CVE-2014-6270", "CVE-2014-7142"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:squid-cache:squid"], "id": "SQUID_3_4_8.NASL", "href": "https://www.tenable.com/plugins/nessus/79742", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79742);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/07/30 15:31:32\");\n\n script_cve_id(\"CVE-2014-6270\", \"CVE-2014-7141\", \"CVE-2014-7142\");\n script_bugtraq_id(69686, 69688, 70022);\n\n script_name(english:\"Squid 3.x < 3.4.8 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Squid.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote proxy server may be affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Squid running on the remote\nhost is 3.x prior to 3.4.8. Therefore, it may be affected by the\nfollowing vulnerabilities :\n\n - A off-by-one overflow flaw exists within the SNMP\n processing component. By using a specially crafted\n UDP SNMP request, a remote attacker could exploit this\n to cause a denial of service or possibly execute\n arbitrary code. (CVE-2014-6270)\n\n - There exists an array indexing flaw in the node pinger\n that is triggered when parsing ICMP and ICMPv6 replies,\n which may allow a remote attacker to crash the pinger or\n obtain sensitive information. (CVE-2014-7141)\n\n - The node pinger has a flaw in function 'Icmp4::Recv' in\n file 'icmp/Icmp4.cc.' that is triggered when parsing\n ICMP or ICMPv6 responses. A remote attacker could\n exploit this to crash the pinger or obtain sensitive\n information. (CVE-2014-7142)\n\nNote that Nessus has relied only on the version in the proxy server's\nbanner. The patch released to address the issue does not update the\nversion in the banner. If the patch has been applied properly, and the\nservice has been restarted, consider this to be a false positive.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.squid-cache.org/Advisories/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.squid-cache.org/Advisories/SQUID-2014_3.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.squid-cache.org/Advisories/SQUID-2014_4.txt\");\n # http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID_3_4_8.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c9716bf4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Squid version 3.4.8 or later, or apply the vendor-supplied\npatch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/05\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:squid-cache:squid\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"squid_version.nasl\");\n script_require_keys(\"www/squid\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/http_proxy\", 3128, 8080);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Build a list of ports from the\nlist = get_kb_list(\"http_proxy/*/squid/version\");\nif (isnull(list)) audit(AUDIT_NOT_INST, \"Squid\");\n\n# nb: banner checks of open source software are prone to false-\n# positives so only run the check if reporting is paranoid.\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nvulnerable = FALSE;\nnot_vuln_list = make_list();\n\nforeach item (keys(list))\n{\n port = ereg_replace(pattern:'^http_proxy/([0-9]+)/squid/version', replace:'\\\\1', string:item);\n version = list[item];\n\n # Affected:\n # Squid 2.x\n # Squid 3.x < 3.4.8\n if (\n version =~ \"^2\\.\" ||\n version =~ \"^3\\.[0-3]([^0-9]|$)\" ||\n version =~ \"^3\\.4\\.[0-7]([^0-9]|$)\"\n )\n {\n vulnerable = TRUE;\n if (report_verbosity > 0)\n {\n source = get_kb_item('http_proxy/'+port+'/squid/source');\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 3.4.8' +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n }\n else not_vuln_list = make_list(not_vuln_list, version + \" on port \" + port);\n}\n\nif (vulnerable) exit(0);\nelse\n{\n installs = max_index(not_vuln_list);\n if (installs == 0) audit(AUDIT_NOT_INST, \"Squid\");\n else if (installs == 1)\n audit(AUDIT_INST_VER_NOT_VULN, \"Squid\", not_vuln_list[0]);\n else\n exit(0, \"The Squid installs (\"+ join(not_vuln_list, sep:\", \") + \") are not affected.\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T11:51:41", "description": "Updated squid packages fix security vulnerabilities :\n\nDue to incorrect state management, Squid before 3.3.12 is vulnerable\nto a denial of service attack when processing certain HTTPS requests\nif the SSL-Bump feature is enabled (CVE-2014-0128).\n\nMatthew Daley discovered that Squid 3 did not properly perform input\nvalidation in request parsing. A remote attacker could send crafted\nRange requests to cause a denial of service (CVE-2014-3609).\n\nDue to incorrect buffer management Squid can be caused by an attacker\nto write outside its allocated SNMP buffer (CVE-2014-6270).\n\nDue to incorrect bounds checking Squid pinger binary is vulnerable to\ndenial of service or information leak attack when processing larger\nthan normal ICMP or ICMPv6 packets (CVE-2014-7141).\n\nDue to incorrect input validation Squid pinger binary is vulnerable to\ndenial of service or information leak attacks when processing ICMP or\nICMPv6 packets (CVE-2014-7142).", "edition": 24, "published": "2015-03-30T00:00:00", "title": "Mandriva Linux Security Advisory : squid (MDVSA-2015:103)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7141", "CVE-2014-6270", "CVE-2014-0128", "CVE-2014-3609", "CVE-2014-7142"], "modified": "2015-03-30T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:2", "p-cpe:/a:mandriva:linux:squid-cachemgr", "p-cpe:/a:mandriva:linux:squid"], "id": "MANDRIVA_MDVSA-2015-103.NASL", "href": "https://www.tenable.com/plugins/nessus/82356", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:103. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82356);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0128\", \"CVE-2014-3609\", \"CVE-2014-6270\", \"CVE-2014-7141\", \"CVE-2014-7142\");\n script_xref(name:\"MDVSA\", value:\"2015:103\");\n\n script_name(english:\"Mandriva Linux Security Advisory : squid (MDVSA-2015:103)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated squid packages fix security vulnerabilities :\n\nDue to incorrect state management, Squid before 3.3.12 is vulnerable\nto a denial of service attack when processing certain HTTPS requests\nif the SSL-Bump feature is enabled (CVE-2014-0128).\n\nMatthew Daley discovered that Squid 3 did not properly perform input\nvalidation in request parsing. A remote attacker could send crafted\nRange requests to cause a denial of service (CVE-2014-3609).\n\nDue to incorrect buffer management Squid can be caused by an attacker\nto write outside its allocated SNMP buffer (CVE-2014-6270).\n\nDue to incorrect bounds checking Squid pinger binary is vulnerable to\ndenial of service or information leak attack when processing larger\nthan normal ICMP or ICMPv6 packets (CVE-2014-7141).\n\nDue to incorrect input validation Squid pinger binary is vulnerable to\ndenial of service or information leak attacks when processing ICMP or\nICMPv6 packets (CVE-2014-7142).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0168.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0369.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0396.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected squid and / or squid-cachemgr packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squid-cachemgr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"squid-3.3.13-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"squid-cachemgr-3.3.13-1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T14:46:10", "description": "This update for squid3 fixes the following issues :\n\n - Multiple issues in pinger ICMP processing.\n (CVE-2014-7141, CVE-2014-7142)\n\n - CVE-2016-3947: Buffer overrun issue in pinger ICMPv6\n processing. (bsc#973782)\n\n - CVE-2016-4554: fix header smuggling issue in HTTP\n Request processing (bsc#979010)\n\n - fix multiple Denial of Service issues in HTTP Response\n processing. (CVE-2016-2569, CVE-2016-2570,\n CVE-2016-2571, CVE-2016-2572, bsc#968392, bsc#968393,\n bsc#968394, bsc#968395)\n\n - CVE-2016-3948: Fix denial of service in HTTP Response\n processing (bsc#973783)\n\n - CVE-2016-4051: fixes buffer overflow in cachemgr.cgi\n (bsc#976553)\n\n - CVE-2016-4052, CVE-2016-4053, CVE-2016-4054 :\n\n - fixes multiple issues in ESI processing (bsc#976556)\n\n - CVE-2016-4556: fixes double free vulnerability in Esi.cc\n (bsc#979008)\n\n - CVE-2015-5400: Improper Protection of Alternate Path\n (bsc#938715)\n\n - CVE-2014-6270: fix off-by-one in snmp subsystem\n (bsc#895773)\n\n - Memory leak in squid3 when using external_acl\n (bsc#976708)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-09-02T00:00:00", "title": "SUSE SLES11 Security Update : squid3 (SUSE-SU-2016:1996-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7141", "CVE-2015-5400", "CVE-2014-6270", "CVE-2012-5643", "CVE-2016-4051", "CVE-2014-0128", "CVE-2016-4555", "CVE-2016-2570", "CVE-2016-4052", "CVE-2013-4115", "CVE-2016-3947", "CVE-2016-2569", "CVE-2013-0188", "CVE-2011-3205", "CVE-2016-4553", "CVE-2016-4554", "CVE-2016-4556", "CVE-2016-2571", "CVE-2011-4096", "CVE-2016-4054", "CVE-2016-2390", "CVE-2016-4053", "CVE-2016-3948", "CVE-2016-2572", "CVE-2014-7142"], "modified": "2016-09-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:squid3"], "id": "SUSE_SU-2016-1996-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93271", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1996-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93271);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3205\", \"CVE-2011-4096\", \"CVE-2012-5643\", \"CVE-2013-0188\", \"CVE-2013-4115\", \"CVE-2014-0128\", \"CVE-2014-6270\", \"CVE-2014-7141\", \"CVE-2014-7142\", \"CVE-2015-5400\", \"CVE-2016-2390\", \"CVE-2016-2569\", \"CVE-2016-2570\", \"CVE-2016-2571\", \"CVE-2016-2572\", \"CVE-2016-3947\", \"CVE-2016-3948\", \"CVE-2016-4051\", \"CVE-2016-4052\", \"CVE-2016-4053\", \"CVE-2016-4054\", \"CVE-2016-4553\", \"CVE-2016-4554\", \"CVE-2016-4555\", \"CVE-2016-4556\");\n script_bugtraq_id(49356, 50449, 56957, 61111, 66112, 69686, 69688, 70022);\n\n script_name(english:\"SUSE SLES11 Security Update : squid3 (SUSE-SU-2016:1996-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for squid3 fixes the following issues :\n\n - Multiple issues in pinger ICMP processing.\n (CVE-2014-7141, CVE-2014-7142)\n\n - CVE-2016-3947: Buffer overrun issue in pinger ICMPv6\n processing. (bsc#973782)\n\n - CVE-2016-4554: fix header smuggling issue in HTTP\n Request processing (bsc#979010)\n\n - fix multiple Denial of Service issues in HTTP Response\n processing. (CVE-2016-2569, CVE-2016-2570,\n CVE-2016-2571, CVE-2016-2572, bsc#968392, bsc#968393,\n bsc#968394, bsc#968395)\n\n - CVE-2016-3948: Fix denial of service in HTTP Response\n processing (bsc#973783)\n\n - CVE-2016-4051: fixes buffer overflow in cachemgr.cgi\n (bsc#976553)\n\n - CVE-2016-4052, CVE-2016-4053, CVE-2016-4054 :\n\n - fixes multiple issues in ESI processing (bsc#976556)\n\n - CVE-2016-4556: fixes double free vulnerability in Esi.cc\n (bsc#979008)\n\n - CVE-2015-5400: Improper Protection of Alternate Path\n (bsc#938715)\n\n - CVE-2014-6270: fix off-by-one in snmp subsystem\n (bsc#895773)\n\n - Memory leak in squid3 when using external_acl\n (bsc#976708)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=895773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=902197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=938715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963539\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968394\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973782\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=976553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=976556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=976708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979008\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979009\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2011-3205/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2011-4096/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-5643/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-0188/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-4115/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-0128/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-6270/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-7141/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-7142/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5400/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2390/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2569/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2570/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2571/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2572/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3947/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3948/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4051/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4052/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4053/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4054/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4553/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4554/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4555/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4556/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161996-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f570bb57\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-squid3-12682=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-squid3-12682=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:squid3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"squid3-3.1.23-8.16.27.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"squid3\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T14:46:17", "description": "This update for squid3 fixes the following issues :\n\n - Multiple issues in pinger ICMP processing.\n (CVE-2014-7141, CVE-2014-7142)\n\n - CVE-2016-3947: Buffer overrun issue in pinger ICMPv6\n processing. (bsc#973782)\n\n - CVE-2016-4554: fix header smuggling issue in HTTP\n Request processing (bsc#979010)\n\n - Fix multiple Denial of Service issues in HTTP Response\n processing. (CVE-2016-2569, CVE-2016-2570,\n CVE-2016-2571, CVE-2016-2572, bsc#968392, bsc#968393,\n bsc#968394, bsc#968395)\n\n - Regression caused by the DoS fixes above (bsc#993299)\n\n - CVE-2016-3948: Fix denial of service in HTTP Response\n processing (bsc#973783)\n\n - CVE-2016-4051: fixes buffer overflow in cachemgr.cgi\n (bsc#976553)\n\n - CVE-2016-4052, CVE-2016-4053, CVE-2016-4054 :\n\n - fixes multiple issues in ESI processing (bsc#976556)\n\n - CVE-2016-4556: fixes double free vulnerability in Esi.cc\n (bsc#979008)\n\n - CVE-2015-5400: Improper Protection of Alternate Path\n (bsc#938715)\n\n - CVE-2014-6270: fix off-by-one in snmp subsystem\n (bsc#895773)\n\n - Memory leak in squid3 when using external_acl\n (bsc#976708)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-09-02T00:00:00", "title": "SUSE SLES11 Security Update : squid3 (SUSE-SU-2016:2089-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7141", "CVE-2015-5400", "CVE-2014-6270", "CVE-2012-5643", "CVE-2016-4051", "CVE-2014-0128", "CVE-2016-4555", "CVE-2016-2570", "CVE-2016-4052", "CVE-2013-4115", "CVE-2016-3947", "CVE-2016-2569", "CVE-2013-0188", "CVE-2011-3205", "CVE-2016-4553", "CVE-2016-4554", "CVE-2016-4556", "CVE-2016-2571", "CVE-2011-4096", "CVE-2016-4054", "CVE-2016-2390", "CVE-2016-4053", "CVE-2016-3948", "CVE-2016-2572", "CVE-2014-7142"], "modified": "2016-09-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:squid3"], "id": "SUSE_SU-2016-2089-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93294", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2089-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93294);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3205\", \"CVE-2011-4096\", \"CVE-2012-5643\", \"CVE-2013-0188\", \"CVE-2013-4115\", \"CVE-2014-0128\", \"CVE-2014-6270\", \"CVE-2014-7141\", \"CVE-2014-7142\", \"CVE-2015-5400\", \"CVE-2016-2390\", \"CVE-2016-2569\", \"CVE-2016-2570\", \"CVE-2016-2571\", \"CVE-2016-2572\", \"CVE-2016-3947\", \"CVE-2016-3948\", \"CVE-2016-4051\", \"CVE-2016-4052\", \"CVE-2016-4053\", \"CVE-2016-4054\", \"CVE-2016-4553\", \"CVE-2016-4554\", \"CVE-2016-4555\", \"CVE-2016-4556\");\n script_bugtraq_id(49356, 50449, 56957, 61111, 66112, 69686, 69688, 70022);\n\n script_name(english:\"SUSE SLES11 Security Update : squid3 (SUSE-SU-2016:2089-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for squid3 fixes the following issues :\n\n - Multiple issues in pinger ICMP processing.\n (CVE-2014-7141, CVE-2014-7142)\n\n - CVE-2016-3947: Buffer overrun issue in pinger ICMPv6\n processing. (bsc#973782)\n\n - CVE-2016-4554: fix header smuggling issue in HTTP\n Request processing (bsc#979010)\n\n - Fix multiple Denial of Service issues in HTTP Response\n processing. (CVE-2016-2569, CVE-2016-2570,\n CVE-2016-2571, CVE-2016-2572, bsc#968392, bsc#968393,\n bsc#968394, bsc#968395)\n\n - Regression caused by the DoS fixes above (bsc#993299)\n\n - CVE-2016-3948: Fix denial of service in HTTP Response\n processing (bsc#973783)\n\n - CVE-2016-4051: fixes buffer overflow in cachemgr.cgi\n (bsc#976553)\n\n - CVE-2016-4052, CVE-2016-4053, CVE-2016-4054 :\n\n - fixes multiple issues in ESI processing (bsc#976556)\n\n - CVE-2016-4556: fixes double free vulnerability in Esi.cc\n (bsc#979008)\n\n - CVE-2015-5400: Improper Protection of Alternate Path\n (bsc#938715)\n\n - CVE-2014-6270: fix off-by-one in snmp subsystem\n (bsc#895773)\n\n - Memory leak in squid3 when using external_acl\n (bsc#976708)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=895773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=902197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=938715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963539\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968394\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973782\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=976553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=976556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=976708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979008\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979009\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=993299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2011-3205/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2011-4096/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-5643/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-0188/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-4115/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-0128/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-6270/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-7141/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-7142/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5400/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2390/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2569/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2570/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2571/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2572/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3947/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3948/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4051/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4052/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4053/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4054/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4553/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4554/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4555/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4556/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162089-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ce87cdd0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-squid3-12701=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-squid3-12701=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:squid3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"squid3-3.1.23-8.16.30.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"squid3\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:36:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7141", "CVE-2014-6270", "CVE-2014-7142"], "description": "This host is running Squid and is prone\n to pinger ICMP processing multiple vulnerabilities.", "modified": "2019-05-20T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310806105", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806105", "type": "openvas", "title": "Squid Pinger ICMP Processing Multiple Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Squid Pinger ICMP Processing Multiple Vulnerabilities\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:squid-cache:squid\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806105\");\n script_version(\"2019-05-20T11:12:48+0000\");\n script_cve_id(\"CVE-2014-7141\", \"CVE-2014-7142\", \"CVE-2014-6270\");\n script_bugtraq_id(69688, 70022, 69686);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-20 11:12:48 +0000 (Mon, 20 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 15:37:01 +0530 (Tue, 08 Sep 2015)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Squid Pinger ICMP Processing Multiple Vulnerabilities\");\n\n script_tag(name:\"summary\", value:\"This host is running Squid and is prone\n to pinger ICMP processing multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"- Due to incorrect bounds checking Squid pinger binary is\n vulnerable to denial of service or information leak attack when\n processing larger than normal ICMP or ICMPv6 packets.\n\n - Due to incorrect input validation Squid pinger binary is\n vulnerable to denial of service or information leak attacks when\n processing ICMP or ICMPv6 packets.\n\n - Due to incorrect buffer management Squid can be caused by an attacker\n to write outside its allocated SNMP buffer.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to obtain sensitive information or cause a denial of service\n (crash).\");\n\n script_tag(name:\"affected\", value:\"Squid 3.x-> 3.4.7\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version Squid 3.4.8 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.squid-cache.org/Advisories/SQUID-2014_4.txt\");\n script_xref(name:\"URL\", value:\"http://www.squid-cache.org/Advisories/SQUID-2014_3.txt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_squid_detect.nasl\");\n script_mandatory_keys(\"squid_proxy_server/installed\");\n script_require_ports(\"Services/www\", 3128, 8080);\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!squidPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!squidVer = get_app_version(cpe:CPE, port:squidPort)){\n exit(0);\n}\n\nif(squidVer !~ \"^3\\.\"){\n exit(99);\n}\n\nif(version_in_range(version:squidVer, test_version:\"3.4\", test_version2:\"3.4.7\"))\n{\n report = 'Installed version: ' + squidVer + '\\n' +\n 'Fixed version: 3.4.8' + '\\n';\n security_message(data:report, port:squidPort);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7141", "CVE-2014-0128", "CVE-2014-7142"], "description": "Gentoo Linux Local Security Checks GLSA 201411-11", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121286", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121286", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201411-11", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201411-11.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121286\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:01 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201411-11\");\n script_tag(name:\"insight\", value:\"An assertion failure in processing of SSL-Bump has been found in Squid. Heap based overflow is discovered when processing SNMP requests.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201411-11\");\n script_cve_id(\"CVE-2014-0128\", \"CVE-2014-7141\", \"CVE-2014-7142\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201411-11\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-proxy/squid\", unaffected: make_list(\"ge 3.3.13-r1\"), vulnerable: make_list(\"lt 3.3.13-r1\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:07", "bulletinFamily": "unix", "cvelist": ["CVE-2014-7141", "CVE-2014-0128", "CVE-2014-7142"], "description": "### Background\n\nSquid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. \n\n### Description\n\nAn assertion failure in processing of SSL-Bump has been found in Squid. Heap based overflow is discovered when processing SNMP requests. \n\n### Impact\n\nA remote attacker could send a specially crafted request, possibly resulting in a executing of arbitrary code or Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Squid users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-proxy/squid-3.3.13-r1\"", "edition": 1, "modified": "2014-11-27T00:00:00", "published": "2014-11-27T00:00:00", "id": "GLSA-201411-11", "href": "https://security.gentoo.org/glsa/201411-11", "type": "gentoo", "title": "Squid: Multiple vulnerabilities", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T12:09:51", "bulletinFamily": "unix", "cvelist": ["CVE-2014-7141", "CVE-2015-5400", "CVE-2014-6270", "CVE-2012-5643", "CVE-2016-4051", "CVE-2014-0128", "CVE-2016-4555", "CVE-2016-2570", "CVE-2016-4052", "CVE-2013-4115", "CVE-2016-3947", "CVE-2016-2569", "CVE-2013-0188", "CVE-2011-3205", "CVE-2016-4553", "CVE-2016-4554", "CVE-2016-4556", "CVE-2016-2571", "CVE-2011-4096", "CVE-2016-4054", "CVE-2016-2390", "CVE-2016-4053", "CVE-2016-3948", "CVE-2016-2572", "CVE-2014-7142"], "edition": 1, "description": "This update for squid3 fixes the following issues:\n\n - Multiple issues in pinger ICMP processing. (CVE-2014-7141,\n CVE-2014-7142)\n\n - CVE-2016-3947: Buffer overrun issue in pinger ICMPv6 processing.\n (bsc#973782)\n\n - CVE-2016-4554: fix header smuggling issue in HTTP Request processing\n (bsc#979010)\n\n - fix multiple Denial of Service issues in HTTP Response processing.\n (CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, bsc#968392,\n bsc#968393, bsc#968394, bsc#968395)\n\n - CVE-2016-3948: Fix denial of service in HTTP Response processing\n (bsc#973783)\n\n - CVE-2016-4051: fixes buffer overflow in cachemgr.cgi (bsc#976553)\n\n - CVE-2016-4052, CVE-2016-4053, CVE-2016-4054:\n * fixes multiple issues in ESI processing (bsc#976556)\n\n - CVE-2016-4556: fixes double free vulnerability in Esi.cc (bsc#979008)\n\n - CVE-2015-5400: Improper Protection of Alternate Path (bsc#938715)\n\n - CVE-2014-6270: fix off-by-one in snmp subsystem (bsc#895773)\n\n - Memory leak in squid3 when using external_acl (bsc#976708)\n\n", "modified": "2016-08-09T17:12:26", "published": "2016-08-09T17:12:26", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", "id": "SUSE-SU-2016:1996-1", "title": "Security update for squid3 (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:13:39", "bulletinFamily": "unix", "cvelist": ["CVE-2014-7141", "CVE-2015-5400", "CVE-2014-6270", "CVE-2012-5643", "CVE-2016-4051", "CVE-2014-0128", "CVE-2016-4555", "CVE-2016-2570", "CVE-2016-4052", "CVE-2013-4115", "CVE-2016-3947", "CVE-2016-2569", "CVE-2013-0188", "CVE-2011-3205", "CVE-2016-4553", "CVE-2016-4554", "CVE-2016-4556", "CVE-2016-2571", "CVE-2011-4096", "CVE-2016-4054", "CVE-2016-2390", "CVE-2016-4053", "CVE-2016-3948", "CVE-2016-2572", "CVE-2014-7142"], "edition": 1, "description": "This update for squid3 fixes the following issues:\n\n - Multiple issues in pinger ICMP processing. (CVE-2014-7141,\n CVE-2014-7142)\n\n - CVE-2016-3947: Buffer overrun issue in pinger ICMPv6 processing.\n (bsc#973782)\n\n - CVE-2016-4554: fix header smuggling issue in HTTP Request processing\n (bsc#979010)\n\n - Fix multiple Denial of Service issues in HTTP Response processing.\n (CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, bsc#968392,\n bsc#968393, bsc#968394, bsc#968395)\n - Regression caused by the DoS fixes above (bsc#993299)\n\n - CVE-2016-3948: Fix denial of service in HTTP Response processing\n (bsc#973783)\n\n - CVE-2016-4051: fixes buffer overflow in cachemgr.cgi (bsc#976553)\n\n - CVE-2016-4052, CVE-2016-4053, CVE-2016-4054:\n * fixes multiple issues in ESI processing (bsc#976556)\n\n - CVE-2016-4556: fixes double free vulnerability in Esi.cc (bsc#979008)\n\n - CVE-2015-5400: Improper Protection of Alternate Path (bsc#938715)\n\n - CVE-2014-6270: fix off-by-one in snmp subsystem (bsc#895773)\n\n - Memory leak in squid3 when using external_acl (bsc#976708)\n\n", "modified": "2016-08-16T18:08:55", "published": "2016-08-16T18:08:55", "id": "SUSE-SU-2016:2089-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", "type": "suse", "title": "Security update for squid3 (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
