Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2005-061.NASL
HistoryFeb 14, 2005 - 12:00 a.m.

RHEL 2.1 / 3 : squid (RHSA-2005:061)

2005-02-1400:00:00
This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
JSON

An updated Squid package that fixes several security issues is now available.

Squid is a full-featured Web proxy cache.

A buffer overflow flaw was found in the Gopher relay parser. This bug could allow a remote Gopher server to crash the Squid proxy that reads data from it. Although Gopher servers are now quite rare, a malicious web page (for example) could redirect or contain a frame pointing to an attacker’s malicious gopher server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0094 to this issue.

An integer overflow flaw was found in the WCCP message parser. It is possible to crash the Squid server if an attacker is able to send a malformed WCCP message with a spoofed source address matching Squid’s ‘home router’. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0095 to this issue.

A memory leak was found in the NTLM fakeauth_auth helper. It is possible that an attacker could place the Squid server under high load, causing the NTML fakeauth_auth helper to consume a large amount of memory, resulting in a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0096 to this issue.

A NULL pointer de-reference bug was found in the NTLM fakeauth_auth helper. It is possible for an attacker to send a malformed NTLM type 3 message, causing the Squid server to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0097 to this issue.

A username validation bug was found in squid_ldap_auth. It is possible for a username to be padded with spaces, which could allow a user to bypass explicit access control rules or confuse accounting. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0173 to this issue.

The way Squid handles HTTP responses was found to need strengthening.
It is possible that a malicious web server could send a series of HTTP responses in such a way that the Squid cache could be poisoned, presenting users with incorrect webpages. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-0174 and CVE-2005-0175 to these issues.

A bug was found in the way Squid handled oversized HTTP response headers. It is possible that a malicious web server could send a specially crafted HTTP header which could cause the Squid cache to be poisoned, presenting users with incorrect webpages. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0241 to this issue.

A buffer overflow bug was found in the WCCP message parser. It is possible that an attacker could send a malformed WCCP message which could crash the Squid server or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0211 to this issue.

Users of Squid should upgrade to this updated package, which contains backported patches, and is not vulnerable to these issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2005:061. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(16384);
  script_version("1.25");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2005-0094", "CVE-2005-0095", "CVE-2005-0096", "CVE-2005-0097", "CVE-2005-0173", "CVE-2005-0174", "CVE-2005-0175", "CVE-2005-0211", "CVE-2005-0241");
  script_bugtraq_id(12276);
  script_xref(name:"RHSA", value:"2005:061");

  script_name(english:"RHEL 2.1 / 3 : squid (RHSA-2005:061)");
  script_summary(english:"Checks the rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An updated Squid package that fixes several security issues is now
available.

Squid is a full-featured Web proxy cache.

A buffer overflow flaw was found in the Gopher relay parser. This bug
could allow a remote Gopher server to crash the Squid proxy that reads
data from it. Although Gopher servers are now quite rare, a malicious
web page (for example) could redirect or contain a frame pointing to
an attacker's malicious gopher server. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2005-0094
to this issue.

An integer overflow flaw was found in the WCCP message parser. It is
possible to crash the Squid server if an attacker is able to send a
malformed WCCP message with a spoofed source address matching Squid's
'home router'. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-0095 to this issue.

A memory leak was found in the NTLM fakeauth_auth helper. It is
possible that an attacker could place the Squid server under high
load, causing the NTML fakeauth_auth helper to consume a large amount
of memory, resulting in a denial of service. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2005-0096 to this issue.

A NULL pointer de-reference bug was found in the NTLM fakeauth_auth
helper. It is possible for an attacker to send a malformed NTLM type 3
message, causing the Squid server to crash. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name
CVE-2005-0097 to this issue.

A username validation bug was found in squid_ldap_auth. It is possible
for a username to be padded with spaces, which could allow a user to
bypass explicit access control rules or confuse accounting. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2005-0173 to this issue.

The way Squid handles HTTP responses was found to need strengthening.
It is possible that a malicious web server could send a series of HTTP
responses in such a way that the Squid cache could be poisoned,
presenting users with incorrect webpages. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the names
CVE-2005-0174 and CVE-2005-0175 to these issues.

A bug was found in the way Squid handled oversized HTTP response
headers. It is possible that a malicious web server could send a
specially crafted HTTP header which could cause the Squid cache to be
poisoned, presenting users with incorrect webpages. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2005-0241 to this issue.

A buffer overflow bug was found in the WCCP message parser. It is
possible that an attacker could send a malformed WCCP message which
could crash the Squid server or execute arbitrary code. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2005-0211 to this issue.

Users of Squid should upgrade to this updated package, which contains
backported patches, and is not vulnerable to these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-0094"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-0095"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-0096"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-0097"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-0173"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-0174"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-0175"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-0211"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-0241"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.squid-cache.org/Advisories/SQUID-2005_1.txt"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.squid-cache.org/Advisories/SQUID-2005_2.txt"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.squid-cache.org/Advisories/SQUID-2005_3.txt"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.squid-cache.org/Versions/v2/2.5/bugs/#"
  );
  # http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?96864d1c"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2005:061"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected squid package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:squid");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/01/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/02/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/14");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(2\.1|3)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2005:061";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"squid-2.4.STABLE7-1.21as.4")) flag++;

  if (rpm_check(release:"RHEL3", reference:"squid-2.5.STABLE3-6.3E.7")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "squid");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxsquidp-cpe:/a:redhat:enterprise_linux:squid
redhatenterprise_linux2.1cpe:/o:redhat:enterprise_linux:2.1
redhatenterprise_linux3cpe:/o:redhat:enterprise_linux:3

References

Related

nessus 26
suse 2
redhat 2
openvas 34
ubuntu 2
gentoo 2
debian 4
osv 2
freebsd 8
cert 5
checkpoint_advisories 4
cve 12
debiancve 10
ubuntucve 10
prion 1
nessus
nessus
RHEL 4 : squid (RHSA-2005:060)
2005-02-22 00:00:00
SUSE-SA:2005:006: squid
2005-02-10 00:00:00
Squid < 2.5.STABLE8 Multiple Vulnerabilities
2005-01-18 00:00:00
suse
suse
remote command execution in squid
2005-02-10 15:13:39
remote denial of service in squid
2005-02-22 13:31:16
redhat
redhat
(RHSA-2005:061) squid security update
2005-02-11 00:00:00
(RHSA-2005:060) squid security update
2005-02-15 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-77-1)
2022-08-26 00:00:00
SLES9: Security update for squid
2009-10-10 00:00:00
SLES9: Security update for squid
2009-10-10 00:00:00
ubuntu
ubuntu
Squid vulnerabilities
2005-02-08 00:00:00
Squid vulnerabilities
2005-01-21 00:00:00
gentoo
gentoo
Squid: Multiple vulnerabilities
2005-02-02 00:00:00
Squid: Multiple vulnerabilities
2005-01-16 00:00:00
debian
debian
[SECURITY] [DSA 667-1] New squid packages fix several vulnerabilities
2005-02-04 16:35:59
[SECURITY] [DSA 667-1] New squid packages fix several vulnerabilities
2005-02-04 00:00:00
[SECURITY] [DSA 651-1] New squid packages fix denial of service
2005-01-20 17:06:36
osv
osv
squid - several
2005-02-04 00:00:00
squid - buffer overflow, integer overflow
2005-01-20 00:00:00
freebsd
freebsd
squid -- denial-of-service vulnerabilities
2005-01-16 00:00:00
squid -- correct handling of oversized HTTP reply headers
2005-01-31 00:00:00
squid -- denial of service with forged WCCP messages
2005-01-07 00:00:00
cert
cert
mod_python vulnerable to information disclosure via crafted URL
2005-02-21 00:00:00
Squid fails to properly handle oversized reply headers
2005-02-04 00:00:00
Multiple devices process HTTP requests inconsistently
2005-02-04 00:00:00
checkpoint_advisories
checkpoint_advisories
Squid WCCP Message Parsing Denial Of Service (CVE-2005-0095)
2009-10-26 00:00:00
Squid Proxy Oversized Reply Header Handling - Improved Performance (CVE-2005-0241)
2013-05-29 00:00:00
Squid Gopher Protocol Handling Buffer Overflow (CVE-2005-0094)
2009-12-15 00:00:00
cve
cve
CVE-2005-0094
2005-01-15 05:00:00
CVE-2005-0241
2005-05-02 04:00:00
CVE-2005-0096
2005-01-25 05:00:00
debiancve
debiancve
CVE-2005-0097
2005-01-11 05:00:00
CVE-2005-0241
2005-05-02 04:00:00
CVE-2005-0094
2005-01-15 05:00:00
ubuntucve
ubuntucve
CVE-2005-0241
2005-05-02 00:00:00
CVE-2005-0094
2005-01-15 00:00:00
CVE-2005-0173
2005-05-02 00:00:00
prion
prion
Buffer overflow
2011-09-06 15:55:00
JSON
Related for REDHAT-RHSA-2005-061.NASL
nessus26suse2redhat2openvas34ubuntu2gentoo2debian4osv2freebsd8cert5checkpoint_advisories4cve12debiancve10ubuntucve10prion1