Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2024-A414A81D47.NASL
HistoryApr 25, 2024 - 12:00 a.m.

Fedora 38 : squid (2024-a414a81d47)

2024-04-2500:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4
fedora 38
squid
denial of service
cache manager
http chunked decoder
vulnerabilities
expired pointer reference
remote attack
nessus

6.8 Medium

AI Score

Confidence

Low

JSON

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a414a81d47 advisory.

  • Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and including 5.9 are vulnerable. All Squid-6.x up to and including 6.5 are vulnerable. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid’s patch archives. As a workaround, prevent access to Cache Manager using Squid’s main access control: http_access deny manager. (CVE-2024-23638)

  • Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid’s patch archives. There is no workaround for this issue.
    (CVE-2024-25111)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2024-a414a81d47
#

include('compat.inc');

if (description)
{
  script_id(193864);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/25");

  script_cve_id("CVE-2024-23638", "CVE-2024-25111");
  script_xref(name:"FEDORA", value:"2024-a414a81d47");

  script_name(english:"Fedora 38 : squid (2024-a414a81d47)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the
FEDORA-2024-a414a81d47 advisory.

  - Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6
    is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a
    trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid
    older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and
    including 5.9 are vulnerable. All Squid-6.x up to and including 6.5 are vulnerable. This bug is fixed by
    Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in
    Squid's patch archives. As a workaround, prevent access to Cache Manager using Squid's main access
    control: `http_access deny manager`. (CVE-2024-23638)

  - Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable
    to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This
    problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP
    Message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the
    stable releases can be found in Squid's patch archives. There is no workaround for this issue.
    (CVE-2024-25111)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2024-a414a81d47");
  script_set_attribute(attribute:"solution", value:
"Update the affected 7:squid package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-23638");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/01/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/04/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/25");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:38");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:squid");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');
var os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
os_ver = os_ver[1];
if (! preg(pattern:"^38([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 38', 'Fedora ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);

var pkgs = [
    {'reference':'squid-6.9-1.fc38', 'release':'FC38', 'rpm_spec_vers_cmp':TRUE, 'epoch':'7'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (reference && _release) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'squid');
}
VendorProductVersionCPE
fedoraprojectfedorasquidp-cpe:/a:fedoraproject:fedora:squid
fedoraprojectfedora38cpe:/o:fedoraproject:fedora:38

Related

fedora 2
nessus 16
openvas 14
osv 5
veracode 2
ubuntucve 2
redhat 8
debiancve 2
cvelist 2
redhatcve 2
prion 2
cve 2
ubuntu 2
redos 1
amazon 1
alpinelinux 1
mageia 1
oraclelinux 2
almalinux 2
photon 1
fedora
fedora
[SECURITY] Fedora 38 Update: squid-6.9-1.fc38
2024-04-25 01:37:28
[SECURITY] Fedora 39 Update: squid-6.9-1.fc39
2024-04-25 01:21:07
nessus
nessus
Fedora 39 : squid (2024-bd8c6c6926)
2024-04-25 00:00:00
Amazon Linux 2 : squid (ALAS-2024-2433)
2024-02-06 00:00:00
Amazon Linux 2023 : squid (ALAS2023-2024-578)
2024-04-03 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6728-2)
2024-04-12 00:00:00
Squid DoS Vulnerability (GHSA-72c2-c3wm-8qxc, SQUID-2024:1)
2023-10-20 00:00:00
Ubuntu: Security Advisory (USN-6728-1)
2024-04-11 00:00:00
osv
osv
squid vulnerability
2024-04-23 11:20:04
CVE-2024-23638
2024-01-24 00:15:08
squid regression
2024-04-11 11:13:39
veracode
veracode
Denial Of Service (DoS)
2024-03-08 04:00:18
Expired Pointer Dereference
2024-01-24 08:40:43
ubuntucve
ubuntucve
CVE-2024-23638
2024-01-24 00:00:00
CVE-2024-25111
2024-03-06 00:00:00
redhat
redhat
(RHSA-2024:1479) Important: squid:4 security update
2024-03-25 16:48:07
(RHSA-2024:1515) Important: squid security and bug fix update
2024-03-26 12:00:29
(RHSA-2024:2822) Important: squid:4 security update
2024-05-13 00:58:21
debiancve
debiancve
CVE-2024-23638
2024-01-24 00:15:08
CVE-2024-25111
2024-03-06 19:15:07
cvelist
cvelist
CVE-2024-23638 SQUID-2023:11 Denial of Service in Cache Manager
2024-01-23 23:23:19
CVE-2024-25111 SQUID-2024:1 Denial of Service in HTTP Chunked Decoding
2024-03-06 18:14:28
redhatcve
redhatcve
CVE-2024-23638
2024-01-25 20:00:09
CVE-2024-25111
2024-03-07 06:38:21
prion
prion
Design/Logic Flaw
2024-03-06 19:15:00
Design/Logic Flaw
2024-01-24 00:15:00
cve
cve
CVE-2024-25111
2024-03-06 19:15:07
CVE-2024-23638
2024-01-24 00:15:08
ubuntu
ubuntu
Squid vulnerability
2024-04-23 00:00:00
Squid regression
2024-04-11 00:00:00
redos
redos
ROS-20240329-02
2024-03-29 00:00:00
amazon
amazon
Medium: squid
2024-02-01 19:57:00
alpinelinux
alpinelinux
CVE-2024-23638
2024-01-24 00:15:08
mageia
mageia
Updated squid packages fix security vulnerabilities
2024-03-31 06:27:58
oraclelinux
oraclelinux
squid:4 security update
2024-03-21 00:00:00
squid security update
2024-03-20 00:00:00
almalinux
almalinux
Important: squid:4 security update
2024-03-19 00:00:00
Important: squid security update
2024-03-19 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2024-3.0-0722
2024-02-08 00:00:00

6.8 Medium

AI Score

Confidence

Low

JSON
Related for FEDORA_2024-A414A81D47.NASL
fedora2nessus16openvas14osv5veracode2ubuntucve2redhat8debiancve2cvelist2redhatcve2prion2cve2ubuntu2redos1amazon1alpinelinux1mageia1oraclelinux2almalinux2photon1