Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20100330_SQUID_ON_SL5_X.NASL
HistoryAug 01, 2012 - 12:00 a.m.

Scientific Linux Security Update : squid on SL5.x i386/x86_64

2012-08-0100:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
JSON

A flaw was found in the way Squid processed certain external ACL helper HTTP header fields that contained a delimiter that was not a comma. A remote attacker could issue a crafted request to the Squid server, causing excessive CPU use (up to 100%). (CVE-2009-2855)

Note: The CVE-2009-2855 issue only affected non-default configurations that use an external ACL helper script.

A flaw was found in the way Squid handled truncated DNS replies. A remote attacker able to send specially crafted UDP packets to Squid’s DNS client port could trigger an assertion failure in Squid’s child process, causing that child process to exit. (CVE-2010-0308)

This update also fixes the following bugs :

  • Squid’s init script returns a non-zero value when trying to stop a stopped service. This is not LSB compliant and can generate difficulties in cluster environments. This update makes stopping LSB compliant. (BZ#521926)

  • Squid is not currently built to support MAC address filtering in ACLs. This update includes support for MAC address filtering. (BZ#496170)

  • Squid is not currently built to support Kerberos negotiate authentication. This update enables Kerberos authentication. (BZ#516245)

  • Squid does not include the port number as part of URIs it constructs when configured as an accelerator. This results in a 403 error. This update corrects this behavior. (BZ#538738)

  • the error_map feature does not work if the same handling is set also on the HTTP server that operates in deflate mode. This update fixes this issue. (BZ#470843)

After installing this update, the squid service will be restarted automatically.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(60775);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2009-2855", "CVE-2010-0308");

  script_name(english:"Scientific Linux Security Update : squid on SL5.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Scientific Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A flaw was found in the way Squid processed certain external ACL
helper HTTP header fields that contained a delimiter that was not a
comma. A remote attacker could issue a crafted request to the Squid
server, causing excessive CPU use (up to 100%). (CVE-2009-2855)

Note: The CVE-2009-2855 issue only affected non-default configurations
that use an external ACL helper script.

A flaw was found in the way Squid handled truncated DNS replies. A
remote attacker able to send specially crafted UDP packets to Squid's
DNS client port could trigger an assertion failure in Squid's child
process, causing that child process to exit. (CVE-2010-0308)

This update also fixes the following bugs :

  - Squid's init script returns a non-zero value when trying
    to stop a stopped service. This is not LSB compliant and
    can generate difficulties in cluster environments. This
    update makes stopping LSB compliant. (BZ#521926)

  - Squid is not currently built to support MAC address
    filtering in ACLs. This update includes support for MAC
    address filtering. (BZ#496170)

  - Squid is not currently built to support Kerberos
    negotiate authentication. This update enables Kerberos
    authentication. (BZ#516245)

  - Squid does not include the port number as part of URIs
    it constructs when configured as an accelerator. This
    results in a 403 error. This update corrects this
    behavior. (BZ#538738)

  - the error_map feature does not work if the same handling
    is set also on the HTTP server that operates in deflate
    mode. This update fixes this issue. (BZ#470843)

After installing this update, the squid service will be restarted
automatically."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=470843"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=496170"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=516245"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=521926"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=538738"
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1004&L=scientific-linux-errata&T=0&P=678
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7f6169b0"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected squid package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_cwe_id(20);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/03/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL5", reference:"squid-2.6.STABLE21-6.el5")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
fermilabscientific_linuxx-cpe:/o:fermilab:scientific_linux

Related

securityvulns 4
redhat 1
openvas 25
oraclelinux 1
debian 1
nessus 18
ubuntu 1
osv 1
cvelist 2
ubuntucve 2
cve 2
prion 2
debiancve 2
seebug 1
veracode 2
checkpoint_advisories 1
freebsd 1
gentoo 1
securityvulns
securityvulns
[SECURITY] [DSA 1991-1] New squid/squid3 packages fix denial of service
2010-02-04 00:00:00
squid proxy server DoS
2010-02-04 00:00:00
[ MDVSA-2009:241 ] squid
2009-09-23 00:00:00
redhat
redhat
(RHSA-2010:0221) Low: squid security and bug fix update
2010-03-30 00:00:00
openvas
openvas
Ubuntu Update for squid vulnerabilities USN-901-1
2010-02-19 00:00:00
RedHat Update for squid RHSA-2010:0221-04
2010-04-06 00:00:00
Debian: Security Advisory (DSA-1991-1)
2010-02-10 00:00:00
oraclelinux
oraclelinux
squid security and bug fix update
2010-04-05 00:00:00
debian
debian
[SECURITY] [DSA 1991-1] New squid/squid3 packages fix denial of service
2010-02-04 08:46:53
nessus
nessus
SuSE 10 Security Update : squid (ZYPP Patch Number 6931)
2010-10-11 00:00:00
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : squid vulnerabilities (USN-901-1)
2010-02-17 00:00:00
SuSE9 Security Update : squid (YOU Patch Number 12597)
2010-03-23 00:00:00
ubuntu
ubuntu
Squid vulnerabilities
2010-02-16 00:00:00
osv
osv
squid squid3 - denial of service
2010-02-04 00:00:00
cvelist
cvelist
CVE-2009-2855
2009-08-18 20:41:00
CVE-2010-0308
2010-02-03 18:00:00
ubuntucve
ubuntucve
CVE-2009-2855
2009-08-18 00:00:00
CVE-2010-0308
2010-02-03 00:00:00
cve
cve
CVE-2009-2855
2009-08-18 21:00:00
CVE-2010-0308
2010-02-03 18:30:00
prion
prion
Design/Logic Flaw
2010-02-03 18:30:00
Code injection
2009-08-18 21:00:00
debiancve
debiancve
CVE-2010-0308
2010-02-03 18:30:00
CVE-2009-2855
2009-08-18 21:00:00
seebug
seebug
Squid外部认证头解析器拒绝服务漏洞
2009-08-21 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:47:42
Denial Of Service (DoS)
2020-04-10 00:47:43
checkpoint_advisories
checkpoint_advisories
Squid strListGetItem Denial of Service (CVE-2009-2855)
2010-05-09 00:00:00
freebsd
freebsd
squid -- Denial of Service vulnerability in DNS handling
2010-01-14 00:00:00
gentoo
gentoo
Squid: Multiple vulnerabilities
2011-10-26 00:00:00
JSON
Related for SL_20100330_SQUID_ON_SL5_X.NASL
securityvulns4redhat1openvas25oraclelinux1debian1nessus18ubuntu1osv1cvelist2ubuntucve2cve2prion2debiancve2seebug1veracode2checkpoint_advisories1freebsd1gentoo1