Squid 3.x < 3.5.18 / 4.x < 4.0.10 Multiple Denial of Service Vulnerabilities (SQUID-2016:9)

2018-12-17T00:00:00
ID SQUID_2016_9.NASL
Type nessus
Reporter Tenable
Modified 2018-12-17T00:00:00

Description

According to its banner, the version of Squid running on the remote host is 3.x prior to 3.5.18, or 4.x prior to 4.0.10. It is, therefore, affected by multiple denial of service (DoS) vulnerabilities in the ESI response processing component due to incorrect pointer handling and reference counting. A remote attacker controlled server can exploit this issue, via crafted ESI responses, to cause a denial of service for all clients accessing the Squid service.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(119723);
  script_version("1.1");
  script_cvs_date("Date: 2018/12/17 13:39:24");

  script_cve_id("CVE-2016-4555", "CVE-2016-4556");

  script_name(english:"Squid 3.x < 3.5.18 / 4.x < 4.0.10 Multiple Denial of Service Vulnerabilities (SQUID-2016:9)");
  script_summary(english:"Checks the version of Squid.");

  script_set_attribute(attribute:"synopsis", value:
"The remote proxy server is affected by multiple denial of service
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the version of Squid running on the remote
host is 3.x prior to 3.5.18, or 4.x prior to 4.0.10. It is,
therefore, affected by multiple denial of service (DoS)
vulnerabilities in the ESI response processing component due to
incorrect pointer handling and reference counting. A remote attacker
controlled server can exploit this issue, via crafted ESI responses,
to cause a denial of service for all clients accessing the Squid
service.

Note that Nessus has not tested for this issue but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"http://www.squid-cache.org/Advisories/SQUID-2016_9.txt");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Squid version 3.5.18 or 4.0.10 or later. Alternatively,
apply the vendor-supplied patch.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-4555");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/05/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/17");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:squid-cache:squid");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Firewalls");

  script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("squid_version.nasl");
  script_require_keys("installed_sw/Squid", "Settings/ParanoidReport");
  script_require_ports("Services/http_proxy", 3128, 8080);

  exit(0);
}

include("vcf.inc");
include("http.inc");

app = "Squid";
get_install_count(app_name:app, exit_if_zero:TRUE);

if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_http_port(default:3128);

app_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);

# Affected versions:  Squid 3.x -> 3.5.17
#                     Squid 4.x -> 4.0.9
# Fixed in version:   Squid 4.0.10, 3.5.18
constraints = [
  {"min_version":"3.0", "fixed_version":"3.5.18"},
  {"min_version":"4.0", "fixed_version":"4.0.10"}
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);