Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.AL2023_ALAS2023-2023-429.NASL
HistoryNov 15, 2023 - 12:00 a.m.

Amazon Linux 2023 : squid (ALAS2023-2023-429)

2023-11-1500:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
squid proxy
denial of service
ssl certificate validation
vulnerabilities
http smuggling
ftp protocol

9.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

7.2 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.3%

JSON

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-429 advisory.

  • Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using --with-openssl are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid’s patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages. (CVE-2023-46724)

  • Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid’s Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests. (CVE-2023-46728)

  • SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
    (CVE-2023-46846)

  • Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input. (CVE-2023-46848)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2023 Security Advisory ALAS2023-2023-429.
##

include('compat.inc');

if (description)
{
  script_id(185721);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/20");

  script_cve_id(
    "CVE-2023-46724",
    "CVE-2023-46728",
    "CVE-2023-46846",
    "CVE-2023-46848"
  );

  script_name(english:"Amazon Linux 2023 : squid (ALAS2023-2023-429)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2023 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-429 advisory.

  - Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions
    3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of
    Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial
    of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a
    server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version
    6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch
    archives. Those who you use a prepackaged version of Squid should refer to the package vendor for
    availability information on updated packages. (CVE-2023-46724)

  - Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer
    dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The
    gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this
    bug are possible to be received from any gopher server, even those without malicious intent. Gopher
    support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade
    should reject all gopher URL requests. (CVE-2023-46728)

  - SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote
    attacker to perform Request/Response smuggling past firewall and frontend security systems.
    (CVE-2023-46846)

  - Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs
    in HTTP Request messages or constructing ftp:// URLs from FTP Native input. (CVE-2023-46848)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2023/ALAS-2023-429.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-46724.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-46728.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-46846.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-46848.html");
  script_set_attribute(attribute:"solution", value:
"Run 'dnf update squid --releasever 2023.2.20231113' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-46846");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/11/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/11/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:squid");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:squid-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:squid-debugsource");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2023");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "-2023")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2023", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var pkgs = [
    {'reference':'squid-5.8-1.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'squid-5.8-1.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'squid-debuginfo-5.8-1.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'squid-debuginfo-5.8-1.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'squid-debugsource-5.8-1.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'squid-debugsource-5.8-1.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "squid / squid-debuginfo / squid-debugsource");
}
VendorProductVersionCPE
amazonlinuxsquidp-cpe:/a:amazon:linux:squid
amazonlinuxsquid-debuginfop-cpe:/a:amazon:linux:squid-debuginfo
amazonlinuxsquid-debugsourcep-cpe:/a:amazon:linux:squid-debugsource
amazonlinux2023cpe:/o:amazon:linux:2023

Related

nessus 52
osv 18
openvas 19
ubuntu 2
amazon 5
mageia 2
almalinux 6
redhat 18
oraclelinux 7
f5 1
rocky 4
debian 3
redos 1
photon 6
cve 4
alpinelinux 4
cvelist 4
prion 4
veracode 4
debiancve 4
nvd 4
cloudlinux 3
redhatcve 4
ubuntucve 4
fedora 2
nessus
nessus
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Squid vulnerabilities (USN-6500-1)
2023-11-21 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : squid (SUSE-SU-2023:4380-1)
2023-11-07 00:00:00
Amazon Linux 2 : squid (ALAS-2023-2354)
2023-12-04 00:00:00
osv
osv
squid vulnerabilities
2023-11-21 15:42:49
Critical: squid security update
2023-11-11 23:00:06
Critical: squid security update
2023-11-07 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6500-1)
2023-11-22 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:4384-1)
2023-11-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:4381-1)
2023-11-07 00:00:00
ubuntu
ubuntu
Squid vulnerabilities
2023-11-21 00:00:00
Squid vulnerabilities
2023-12-11 00:00:00
amazon
amazon
Important: squid
2023-11-29 22:19:00
Important: squid
2023-11-10 17:32:00
Important: squid
2024-04-25 16:04:00
mageia
mageia
Updated squid packages fix security vulnerabilities
2023-11-10 02:37:11
Updated squid packages fix security vulnerabilities
2024-03-31 06:27:58
almalinux
almalinux
Critical: squid security update
2023-11-07 00:00:00
Critical: squid security update
2023-11-02 00:00:00
Important: squid security update
2024-01-08 00:00:00
redhat
redhat
(RHSA-2023:6748) Critical: squid security update
2023-11-07 10:08:53
(RHSA-2023:6266) Critical: squid security update
2023-11-02 09:25:23
(RHSA-2023:6268) Critical: squid security update
2023-11-02 09:34:15
oraclelinux
oraclelinux
squid security update
2023-11-03 00:00:00
squid security update
2023-11-16 00:00:00
squid:4 security update
2024-01-04 00:00:00
f5
f5
K000137864 : Squid vulnerabilities CVE-2023-46846, CVE-2023-46847, CVE-2023-46848
2023-12-11 00:00:00
rocky
rocky
squid security update
2023-11-11 23:00:06
squid:4 security update
2024-01-09 04:07:10
squid:4 security update
2023-11-28 22:43:02
debian
debian
[SECURITY] [DSA 5637-1] squid security update
2024-03-08 14:36:16
[SECURITY] [DLA 3709-2] squid regression update
2024-01-22 18:56:25
[SECURITY] [DLA 3709-1] squid security update
2024-01-09 00:08:19
redos
redos
ROS-20231115-01
2023-11-15 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-3.0-0697
2023-12-06 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0154
2023-11-24 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0698
2023-12-10 00:00:00
cve
cve
CVE-2023-46724
2023-11-01 20:15:08
CVE-2023-46846
2023-11-03 08:15:07
CVE-2023-46728
2023-11-06 18:15:08
alpinelinux
alpinelinux
CVE-2023-46724
2023-11-01 20:15:08
CVE-2023-46846
2023-11-03 08:15:07
CVE-2023-46728
2023-11-06 18:15:08
cvelist
cvelist
CVE-2023-46724 SQUID-2023:4 Denial of Service in SSL Certificate validation
2023-11-01 19:09:34
CVE-2023-46728 SQUID-2021:8 Denial of Service in Gopher gateway
2023-11-06 17:13:45
CVE-2023-46846 Squid: request/response smuggling in http/1.1 and icap
2023-11-03 07:33:16
prion
prion
Null pointer dereference
2023-11-06 18:15:00
Design/Logic Flaw
2023-11-03 08:15:00
Input validation
2023-11-01 20:15:00
veracode
veracode
HTTP Request Smuggling
2023-11-12 18:41:49
Denial Of Service (DoS)
2023-11-10 05:38:32
Denial Of Service
2023-11-02 07:16:45
debiancve
debiancve
CVE-2023-46846
2023-11-03 08:15:07
CVE-2023-46728
2023-11-06 18:15:08
CVE-2023-46724
2023-11-01 20:15:08
nvd
nvd
CVE-2023-46724
2023-11-01 20:15:08
CVE-2023-46728
2023-11-06 18:15:08
CVE-2023-46846
2023-11-03 08:15:07
cloudlinux
cloudlinux
squid34: Fix of CVE-2023-46724
2023-11-29 19:29:11
squid34: Fix of CVE-2023-46728
2023-12-13 19:41:17
squid: Fix of CVE-2023-46728
2023-12-13 19:38:56
redhatcve
redhatcve
CVE-2023-46724
2023-11-02 03:57:23
CVE-2023-46846
2023-10-27 08:57:59
CVE-2023-46728
2023-11-07 14:37:53
ubuntucve
ubuntucve
CVE-2023-46846
2023-11-03 00:00:00
CVE-2023-46728
2023-11-06 00:00:00
CVE-2023-46724
2023-11-01 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: squid-6.6-1.fc38
2023-12-29 01:05:39
[SECURITY] Fedora 39 Update: squid-6.6-1.fc39
2023-12-29 01:14:29

9.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

7.2 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.3%

JSON
Related for AL2023_ALAS2023-2023-429.NASL
nessus52osv18openvas19ubuntu2amazon5mageia2almalinux6redhat18oraclelinux7f51rocky4debian3redos1photon6cve4alpinelinux4cvelist4prion4veracode4debiancve4nvd4cloudlinux3redhatcve4ubuntucve4fedora2