Squid 2.x < 4.12 / 5.x < 5.0.3 (SQUID-2020:5, SQUID-2020:6 & SQUID-2020:7)

2020-08-27T00:00:00
ID SQUID_5_0_3.NASL
Type nessus
Reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2020-08-27T00:00:00

Description

According to its banner, the version of Squid running on the remote host is 2.x prior to 4.12 or 5.x prior to 5.0.3. It is,therefore, affected by multiple vulnerabilities: - Multiple denial of service (DoS) vulnerabilities exist in the SMP cache and TLS handshake implementations of Squid. An unauthenticated, remote attacker can exploit these issues, by sending specially crafted requests to an affected instance, to impose a DoS condition on the application (CVE-2020-14058, CVE-2020-14059).

  • A cache poisoning vulnerability exists in Squid due to insufficient user input validation. An authenticated, remote attacker can exploit this issue, to affect the integrity of the contents returned to users from the cache (CVE-2020-15049).

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(139912);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/08/28");

  script_cve_id("CVE-2020-14058", "CVE-2020-14059", "CVE-2020-15049");

  script_name(english:"Squid 2.x < 4.12 / 5.x < 5.0.3 (SQUID-2020:5, SQUID-2020:6 & SQUID-2020:7)");

  script_set_attribute(attribute:"synopsis", value:
"The remote proxy server is affected by multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"According to its banner, the version of Squid running on the remote host is 2.x prior to 4.12 or 5.x prior to 5.0.3. 
It is,therefore, affected by multiple vulnerabilities:
  - Multiple denial of service (DoS) vulnerabilities exist in the SMP cache and TLS handshake implementations of Squid. 
  An unauthenticated, remote attacker can exploit these issues, by sending specially crafted requests to an affected 
  instance, to impose a DoS condition on the application (CVE-2020-14058, CVE-2020-14059). 

  - A cache poisoning vulnerability exists in Squid due to insufficient user input validation. An authenticated, remote
  attacker can exploit this issue, to affect the integrity of the contents returned to users from the cache 
  (CVE-2020-15049).

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version 
number.");
  # https://github.com/squid-cache/squid/security/advisories/GHSA-w7pw-2m4p-58hr
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?42df48c6");
  # https://github.com/squid-cache/squid/security/advisories/GHSA-qvf6-485q-vm57
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5094c7bf");
  # https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f287cb57");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Squid version 4.12 or 5.0.3 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-15049");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/06/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/06/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/08/27");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:squid-cache:squid");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Firewalls");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("squid_version.nasl");
  script_require_keys("installed_sw/Squid", "Settings/ParanoidReport");
  script_require_ports("Services/http_proxy", 3128, 8080);

  exit(0);
}

include('http.inc');
include('vcf.inc');

get_install_count(app_name:'Squid', exit_if_zero:TRUE);

if (report_paranoia < 2)
  audit(AUDIT_PARANOID);

port = get_http_port(default:3128);

app_info = vcf::get_app_info(app:'Squid', port:port, webapp:TRUE);

constraints = [
  {'min_version':'2.0', 'fixed_version':'4.12'},
  {'min_version':'5.0', 'fixed_version':'5.0.3'}
];

vcf::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_WARNING
);