Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2002-016.NASL
HistoryJul 31, 2004 - 12:00 a.m.

Mandrake Linux Security Advisory : squid (MDKSA-2002:016-1)

2004-07-3100:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com
17

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.44 Medium

EPSS

Percentile

97.4%

JSON

Three security issues were found in the 2.x versions of the Squid proxy server up to and including 2.4.STABLE3. The first is a memory leak in the optional SNMP interface to Squid which could allow a malicious user who can send packets to the Squid SNMP port to possibly perform a Denial of Service attack on ther server if the SNMP interface is enabled. The next is a buffer overflow in the implementation of ftp:// URLs where allowed users could possibly perform a DoS on the server, and may be able to trigger remote execution of code (which the authors have not yet confirmed). The final issue is with the HTCP interface which cannot be properly disabled from squid.conf; HTCP is enabled by default on Mandrake Linux systems.

Update :

The squid updates for all versions other than Mandrake Linux were incorrectly built with LDAP authentication which introduced a dependency on OpenLDAP. These new packages do not use LDAP authentication. The Single Network Firewall 7.2 package previously released did not use LDAP authentication, however rebuilding the source RPM package required LDAP to be installed. Single Network Firewall 7.2 users do not need to upgrade to these packages to have a properly function squid.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2002:016. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(13924);
  script_version("1.19");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2002-0067", "CVE-2002-0068", "CVE-2002-0069");
  script_xref(name:"MDKSA", value:"2002:016-1");

  script_name(english:"Mandrake Linux Security Advisory : squid (MDKSA-2002:016-1)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Mandrake Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Three security issues were found in the 2.x versions of the Squid
proxy server up to and including 2.4.STABLE3. The first is a memory
leak in the optional SNMP interface to Squid which could allow a
malicious user who can send packets to the Squid SNMP port to possibly
perform a Denial of Service attack on ther server if the SNMP
interface is enabled. The next is a buffer overflow in the
implementation of ftp:// URLs where allowed users could possibly
perform a DoS on the server, and may be able to trigger remote
execution of code (which the authors have not yet confirmed). The
final issue is with the HTCP interface which cannot be properly
disabled from squid.conf; HTCP is enabled by default on Mandrake Linux
systems.

Update :

The squid updates for all versions other than Mandrake Linux were
incorrectly built with LDAP authentication which introduced a
dependency on OpenLDAP. These new packages do not use LDAP
authentication. The Single Network Firewall 7.2 package previously
released did not use LDAP authentication, however rebuilding the
source RPM package required LDAP to be installed. Single Network
Firewall 7.2 users do not need to upgrade to these packages to have a
properly function squid."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.squid-cache.org/Advisories/SQUID-2002_1.txt"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected squid package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:squid");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2002/02/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"squid-2.4.STABLE4-1.5mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"squid-2.4.STABLE4-1.5mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"squid-2.4.STABLE4-1.6mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxsquidp-cpe:/a:mandriva:linux:squid
mandrakesoftmandrake_linux7.1cpe:/o:mandrakesoft:mandrake_linux:7.1
mandrakesoftmandrake_linux7.2cpe:/o:mandrakesoft:mandrake_linux:7.2
mandrakesoftmandrake_linux8.0cpe:/o:mandrakesoft:mandrake_linux:8.0

Related

openvas 1
cve 3
nessus 1
nvd 3
cert 1
suse 1
cvelist 3
openvas
openvas
Squid 2.0 < 2.4 STABLE4 FTP Proxy URL Buffer Overflow Vulnerability
2017-07-28 00:00:00
cve
cve
CVE-2002-0068
2003-04-02 05:00:00
CVE-2002-0069
2003-04-02 05:00:00
CVE-2002-0067
2003-04-02 05:00:00
nessus
nessus
Squid FTP URL Special Character Handling Remote Overflow
2002-03-27 00:00:00
nvd
nvd
CVE-2002-0069
2002-03-08 05:00:00
CVE-2002-0068
2002-03-08 05:00:00
CVE-2002-0067
2002-03-08 05:00:00
cert
cert
Squid Proxy Server contains buffer overflow in parsing of the authentication portion of FTP URLs
2002-03-04 00:00:00
suse
suse
remote command execution in squid
2002-03-04 12:12:39
cvelist
cvelist
CVE-2002-0068
2003-04-02 05:00:00
CVE-2002-0069
2003-04-02 05:00:00
CVE-2002-0067
2003-04-02 05:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.44 Medium

EPSS

Percentile

97.4%

JSON
Related for MANDRAKE_MDKSA-2002-016.NASL
openvas1cve3nessus1nvd3cert1suse1cvelist3