Alibaba Cloud Linux 3 : 0132: squid:4 (ALINUX3-SA-2022:0132)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Alibaba Cloud Linux Security Advisory ALINUX3-SA-2022:0132.
##

include('compat.inc');

if (description)
{
  script_id(236478);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/05/14");

  script_cve_id(
    "CVE-2021-28116",
    "CVE-2021-28651",
    "CVE-2021-28652",
    "CVE-2021-28662",
    "CVE-2021-31806",
    "CVE-2021-31807",
    "CVE-2021-31808",
    "CVE-2021-33620",
    "CVE-2021-46784"
  );

  script_name(english:"Alibaba Cloud Linux 3 : 0132: squid:4 (ALINUX3-SA-2022:0132)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Alibaba Cloud Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced
in the ALINUX3-SA-2022:0132 advisory.

    Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities:

    CVE-2021-28116:
    Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of
    an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code
    execution as nobody.

    CVE-2021-28651:
    An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it
    allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount
    of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of
    memory consumption.

    CVE-2021-28652:
    An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it
    allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger
    memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This
    attack is limited to clients with Cache Manager API access privilege.

    CVE-2021-28662:
    An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain
    response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in
    benign network traffic.

    CVE-2021-31806:
    An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is
    vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request
    processing.

    CVE-2021-31807:
    An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a
    remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue
    trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.

    CVE-2021-31808:
    An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is
    vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP
    Range request to trigger this.

    CVE-2021-33620:
    Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting
    availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to
    exist in HTTP traffic without any malicious intent by the server.

    CVE-2021-46784:
    In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a
    Denial of Service can occur when processing long Gopher server responses.

Tenable has extracted the preceding description block directly from the Alibaba Cloud Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"http://mirrors.aliyun.com/alinux/3/cve/alinux3-sa-20220132.xml");
  script_set_attribute(attribute:"solution", value:
"Update the affected squid, squid-debuginfo and / or squid-debugsource packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-28116");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/03/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/07/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/05/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:squid");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:squid-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:squid-debugsource");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alibabacloud:alibaba_cloud_linux_3");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Alibaba Cloud Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Alibaba/release", "Host/Alibaba/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Alibaba/release');
if (isnull(os_release) || 'Alibaba Cloud Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Alibaba Cloud Linux');
var os_ver = pregmatch(pattern: "Alibaba Cloud Linux release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Alibaba Cloud Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Alibaba Cloud Linux 3.x', 'Alibaba Cloud Linux ' + os_ver);

if (!get_kb_item('Host/Alibaba/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Alibaba Cloud Linux', cpu);

var pkgs = [
    {'reference':'squid-4.15-3.al8.1', 'cpu':'aarch64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'squid-4.15-3.al8.1', 'cpu':'x86_64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'squid-debuginfo-4.15-3.al8.1', 'cpu':'aarch64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'squid-debuginfo-4.15-3.al8.1', 'cpu':'x86_64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'squid-debugsource-4.15-3.al8.1', 'cpu':'aarch64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'squid-debugsource-4.15-3.al8.1', 'cpu':'x86_64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  var cves = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'Alibaba Linux ' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'squid / squid-debuginfo / squid-debugsource');
}