Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2020-790296A8F4.NASLHistoryApr 06, 2020 - 12:00 a.m.
Fedora 31 : 7:squid (2020-790296a8f4)
2020-04-0600:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
7.6 High
AI Score
Confidence
High
-
update to 4.10
-
Resolves: #1798535 - CVE-2019-12528 squid: Information Disclosure issue in FTP Gateway
-
Resolves: #1798554 - CVE-2020-8450 squid: Buffer overflow in a Squid acting as reverse-proxy
-
Resolves: #1798541 - CVE-2020-8449 squid: Improper input validation issues. in HTTP Request processing
-
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2020-790296a8f4.
#
include('compat.inc');
if (description)
{
script_id(135211);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/19");
script_cve_id("CVE-2019-12528", "CVE-2020-8449", "CVE-2020-8450");
script_xref(name:"FEDORA", value:"2020-790296a8f4");
script_name(english:"Fedora 31 : 7:squid (2020-790296a8f4)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing a security update.");
script_set_attribute(attribute:"description", value:
"- update to 4.10
- Resolves: #1798535 - CVE-2019-12528 squid: Information
Disclosure issue in FTP Gateway
- Resolves: #1798554 - CVE-2020-8450 squid: Buffer
overflow in a Squid acting as reverse-proxy
- Resolves: #1798541 - CVE-2020-8449 squid: Improper input
validation issues. in HTTP Request processing
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-790296a8f4");
script_set_attribute(attribute:"solution", value:
"Update the affected 7:squid package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8450");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-8449");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/04");
script_set_attribute(attribute:"patch_publication_date", value:"2020/04/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/06");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:7:squid");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC31", reference:"squid-4.10-3.fc31", epoch:"7")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "7:squid");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | 7 | p-cpe:/a:fedoraproject:fedora:7:squid |
| fedoraproject | fedora | 31 | cpe:/o:fedoraproject:fedora:31 |
Related
fedora
fedora
[SECURITY] Fedora 30 Update: squid-4.10-3.fc30
2020-04-03 18:03:14
[SECURITY] Fedora 31 Update: squid-4.10-3.fc31
2020-04-03 19:16:33
[SECURITY] Fedora 32 Update: squid-4.11-1.fc32
2020-05-16 03:40:02
nessus
nessus
Squid < 4.10 Multiple Vulnerabilities
2021-02-10 00:00:00
Fedora 30 : 7:squid (2020-ab8e7463ab)
2020-04-06 00:00:00
openvas
openvas
Fedora: Security Advisory for squid (FEDORA-2020-790296a8f4)
2020-04-04 00:00:00
Fedora: Security Advisory for squid (FEDORA-2020-ab8e7463ab)
2020-04-04 00:00:00
Ubuntu: Security Advisory for squid (USN-4289-1)
2020-02-21 00:00:00
ubuntu
ubuntu
Squid vulnerabilities
2020-02-20 00:00:00
suse
suse
Security update for squid (moderate)
2020-05-03 00:00:00
Security update for squid (moderate)
2020-03-06 00:00:00
Security update for squid (important)
2020-05-11 00:00:00
freebsd
freebsd
Squid -- multiple vulnerabilities
2020-02-10 00:00:00
mageia
mageia
Updated squid packages fix security vulnerabilities
2020-02-26 13:21:01
ubuntucve
ubuntucve
cloudlinux
cloudlinux
centos
centos
squid security update
2020-11-06 22:15:00
gentoo
gentoo
Squid: Multiple vulnerabilities
2020-03-16 00:00:00
amazon
amazon
Important: squid
2020-11-16 17:59:00
Medium: squid
2020-09-01 00:40:00
redhat
redhat
(RHSA-2020:4082) Important: squid security update
2020-09-30 00:17:14
(RHSA-2020:4743) Moderate: squid:4 security, bug fix, and enhancement update
2020-11-03 12:32:17
hackerone
hackerone
Internet Bug Bounty: Squid leaks previous content from reusable buffer
2020-03-18 22:01:47
Internet Bug Bounty: HTTP Smuggling multiple issues in Squid 3.x & squid 4.x
2019-12-14 11:11:17
alpinelinux
alpinelinux
veracode
veracode
Information Disclosure
2020-08-06 21:32:19
Information Disclosure
2020-08-06 21:33:26
Buffer Overflows
2020-08-06 21:33:28
redhatcve
redhatcve
osv
osv
prion
prion
Design/Logic Flaw
2020-02-04 21:15:00
Input validation
2020-02-04 20:15:00
Buffer overflow
2020-02-04 20:15:00
cve
cve
debiancve
debiancve
oraclelinux
oraclelinux
squid security update
2020-10-08 00:00:00
squid:4 security, bug fix, and enhancement update
2020-11-10 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package squid version 4.10-alt1
2020-03-16 00:00:00
debian
debian
[SECURITY] [DSA 4682-1] squid security update
2020-05-08 19:10:03
[SECURITY] [DLA 2278-1] squid3 security update
2020-07-10 21:55:24
almalinux
almalinux
Moderate: squid:4 security, bug fix, and enhancement update
2020-11-03 12:32:17
rocky
rocky
squid:4 security, bug fix, and enhancement update
2020-11-03 12:32:17
checkpoint_advisories
checkpoint_advisories
rosalinux
rosalinux
Advisory ROSA-SA-2021-1976
2021-07-02 18:10:45
ibm
ibm