Debian DLA-1267-1 : squid security update

2018-02-0500:00:00

www.tenable.com

Squid, a high-performance proxy caching server for web clients, has been found vulnerable to denial of service attacks associated with ESI response processing and intermediate CA certificate downloading.

CVE-2018-1000027

Incorrect pointer handling resulted in the possibility of a remote client delivering certain HTTP requests in conjunction with certain trusted server reponses involving the processing of ESI responses or downloading of intermediate CA certificates to trigger a denial of service for all clients accessing the squid service.

For Debian 7 ‘Wheezy’, these problems have been fixed in version 2.7.STABLE9-4.1+deb7u3.

We recommend that you upgrade your squid packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-1267-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(106590);
  script_version("3.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2018-1000027");

  script_name(english:"Debian DLA-1267-1 : squid security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Squid, a high-performance proxy caching server for web clients, has
been found vulnerable to denial of service attacks associated with ESI
response processing and intermediate CA certificate downloading.

CVE-2018-1000027

Incorrect pointer handling resulted in the possibility of a remote
client delivering certain HTTP requests in conjunction with certain
trusted server reponses involving the processing of ESI responses or
downloading of intermediate CA certificates to trigger a denial of
service for all clients accessing the squid service.

For Debian 7 'Wheezy', these problems have been fixed in version
2.7.STABLE9-4.1+deb7u3.

We recommend that you upgrade your squid packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2018/02/msg00002.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/squid"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Upgrade the affected squid, and squid-common packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squid");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squid-common");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/02/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"7.0", prefix:"squid", reference:"2.7.STABLE9-4.1+deb7u3")) flag++;
if (deb_check(release:"7.0", prefix:"squid-common", reference:"2.7.STABLE9-4.1+deb7u3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

VendorProductVersionCPE
debiandebian_linuxsquidp-cpe:/a:debian:debian_linux:squid
debiandebian_linuxsquid-commonp-cpe:/a:debian:debian_linux:squid-common
debiandebian_linux7.0cpe:/o:debian:debian_linux:7.0

Vendor	Product	Version	CPE
debian	debian_linux	squid	p-cpe:/a:debian:debian_linux:squid
debian	debian_linux	squid-common	p-cpe:/a:debian:debian_linux:squid-common
debian	debian_linux	7.0	cpe:/o:debian:debian_linux:7.0