Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-2304.NASL
HistorySep 12, 2011 - 12:00 a.m.

Debian DSA-2304-1 : squid3 - buffer overflow

2011-09-1200:00:00
This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
JSON

Ben Hawkes discovered that Squid 3, a full featured Web Proxy cache (HTTP proxy), is vulnerable to a buffer overflow when processing Gopher server replies. An attacker can exploit this flaw by connecting to a Gopher server that returns lines longer than 4096 bytes. This may result in denial of service conditions (daemon crash) or the possibly the execution of arbitrary code with rights of the squid daemon.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-2304. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(56143);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2011-3205");
  script_bugtraq_id(49356);
  script_xref(name:"DSA", value:"2304");

  script_name(english:"Debian DSA-2304-1 : squid3 - buffer overflow");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Ben Hawkes discovered that Squid 3, a full featured Web Proxy cache
(HTTP proxy), is vulnerable to a buffer overflow when processing
Gopher server replies. An attacker can exploit this flaw by connecting
to a Gopher server that returns lines longer than 4096 bytes. This may
result in denial of service conditions (daemon crash) or the possibly
the execution of arbitrary code with rights of the squid daemon."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639755"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze/squid3"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2011/dsa-2304"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the squid3 packages.

For the oldstable distribution (lenny), this problem has been fixed in
version 3.0.STABLE8-3+lenny5.

For the stable distribution (squeeze), this problem has been fixed in
version 3.1.6-1.2+squeeze1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squid3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/09/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/09/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"5.0", prefix:"squid3", reference:"3.0.STABLE8-3+lenny5")) flag++;
if (deb_check(release:"6.0", prefix:"squid-cgi", reference:"3.1.6-1.2+squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"squid3", reference:"3.1.6-1.2+squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"squid3-common", reference:"3.1.6-1.2+squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"squid3-dbg", reference:"3.1.6-1.2+squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"squidclient", reference:"3.1.6-1.2+squeeze1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxsquid3p-cpe:/a:debian:debian_linux:squid3
debiandebian_linux5.0cpe:/o:debian:debian_linux:5.0
debiandebian_linux6.0cpe:/o:debian:debian_linux:6.0

Related

veracode 1
openvas 13
nessus 13
oraclelinux 1
checkpoint_advisories 2
securityvulns 2
suse 4
debian 1
altlinux 1
redhat 1
prion 1
ubuntucve 1
debiancve 1
cve 1
gentoo 1
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:05:32
openvas
openvas
RedHat Update for squid RHSA-2011:1293-01
2012-07-09 00:00:00
Oracle: Security Advisory (ELSA-2011-1293)
2015-10-06 00:00:00
Squid Proxy Gopher Remote Buffer Overflow Vulnerability
2011-08-30 00:00:00
nessus
nessus
Squid 3.x < 3.0.STABLE26 / 3.1.15 / 3.2.0.11 Gopher Buffer Overflow
2011-09-16 00:00:00
Scientific Linux Security Update : squid on SL6.x i386/x86_64
2012-08-01 00:00:00
SuSE 11.1 Security Update : squid3 (SAT Patch Number 5095)
2011-12-13 00:00:00
oraclelinux
oraclelinux
squid security update
2011-09-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Squid Proxy Gopher Response Processing Buffer Overflow (CVE-2011-3205)
2011-11-29 00:00:00
Squid Proxy Gopher Response Processing Denial of Service (CVE-2011-3205)
2012-05-14 00:00:00
securityvulns
securityvulns
squid buffer overflow
2011-09-13 00:00:00
[SECURITY] [DSA 2304-1] squid3 security update
2011-09-13 00:00:00
suse
suse
VUL-0: CVE-2011-3205: squid: buffer overflow in Gopher reply parser (important)
2011-09-07 17:08:13
Security update for squid3 (important)
2011-09-07 17:08:16
Security update for squid3 (important)
2016-08-09 17:12:26
debian
debian
[SECURITY] [DSA 2304-1] squid3 security update
2011-09-11 17:51:59
altlinux
altlinux
Security fix for the ALT Linux 8 package squid version 3.1.15-alt1
2011-09-07 00:00:00
redhat
redhat
(RHSA-2011:1293) Moderate: squid security update
2011-09-14 00:00:00
prion
prion
Buffer overflow
2011-09-06 15:55:00
ubuntucve
ubuntucve
CVE-2011-3205
2011-09-06 00:00:00
debiancve
debiancve
CVE-2011-3205
2011-09-06 15:55:00
cve
cve
CVE-2011-3205
2011-09-06 15:55:00
gentoo
gentoo
Squid: Multiple vulnerabilities
2011-10-26 00:00:00
JSON
Related for DEBIAN_DSA-2304.NASL
veracode1openvas13nessus13oraclelinux1checkpoint_advisories2securityvulns2suse4debian1altlinux1redhat1prion1ubuntucve1debiancve1cve1gentoo1