Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-1713-1.NASL
HistoryJan 31, 2013 - 12:00 a.m.

Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : squid, squid3 vulnerabilities (USN-1713-1)

2013-01-3100:00:00
Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
JSON

It was discovered that squidโ€™s cachemgr.cgi was vulnerable to excessive resource use. A remote attacker could exploit this flaw to perform a denial of service attack on the server and other hosted services. (CVE-2012-5643)

It was discovered that the patch for CVE-2012-5643 was incorrect. A remote attacker could exploit this flaw to perform a denial of service attack. (CVE-2013-0189).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1713-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(64376);
  script_version("1.7");
  script_cvs_date("Date: 2019/09/19 12:54:28");

  script_cve_id("CVE-2012-5643", "CVE-2013-0189");
  script_bugtraq_id(56957, 57646);
  script_xref(name:"USN", value:"1713-1");

  script_name(english:"Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : squid, squid3 vulnerabilities (USN-1713-1)");
  script_summary(english:"Checks dpkg output for updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Ubuntu host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that squid's cachemgr.cgi was vulnerable to
excessive resource use. A remote attacker could exploit this flaw to
perform a denial of service attack on the server and other hosted
services. (CVE-2012-5643)

It was discovered that the patch for CVE-2012-5643 was incorrect. A
remote attacker could exploit this flaw to perform a denial of service
attack. (CVE-2013-0189).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1713-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected squid-cgi package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:squid-cgi");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/12/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/01/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/31");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(10\.04|11\.10|12\.04|12\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 11.10 / 12.04 / 12.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"10.04", pkgname:"squid-cgi", pkgver:"2.7.STABLE7-1ubuntu12.6")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"squid-cgi", pkgver:"3.1.14-1ubuntu0.3")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"squid-cgi", pkgver:"3.1.19-1ubuntu3.12.04.2")) flag++;
if (ubuntu_check(osver:"12.10", pkgname:"squid-cgi", pkgver:"3.1.20-1ubuntu1.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "squid-cgi");
}
VendorProductVersionCPE
canonicalubuntu_linuxsquid-cgip-cpe:/a:canonical:ubuntu_linux:squid-cgi
canonicalubuntu_linux10.04cpe:/o:canonical:ubuntu_linux:10.04:-:lts
canonicalubuntu_linux11.10cpe:/o:canonical:ubuntu_linux:11.10
canonicalubuntu_linux12.04cpe:/o:canonical:ubuntu_linux:12.04:-:lts
canonicalubuntu_linux12.10cpe:/o:canonical:ubuntu_linux:12.10

Related

openvas 26
securityvulns 2
nessus 23
fedora 6
prion 3
debian 1
cve 3
ubuntu 1
ubuntucve 2
seebug 1
debiancve 2
freebsd 1
osv 1
veracode 1
redhat 1
checkpoint_advisories 1
oraclelinux 1
altlinux 1
centos 1
gentoo 1
suse 2
openvas
openvas
Debian Security Advisory DSA 2631-1 (squid3 - denial of service)
2013-02-24 00:00:00
Debian: Security Advisory (DSA-2631-1)
2013-02-23 00:00:00
Fedora Update for squid FEDORA-2013-1625
2013-02-11 00:00:00
securityvulns
securityvulns
[ MDVSA-2013:013 ] squid
2013-02-24 00:00:00
squid cachemanager DoS
2013-02-24 00:00:00
nessus
nessus
FreeBSD : squid -- denial of service (c37de843-488e-11e2-a5c9-0019996bc1f7)
2012-12-31 00:00:00
Oracle Solaris Third-Party Patch Update : squid (multiple_vulnerabilities_in_squid)
2015-01-19 00:00:00
Mandriva Linux Security Advisory : squid (MDVSA-2013:013)
2013-02-21 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: squid-3.2.5-2.fc18
2013-02-08 16:55:06
[SECURITY] Fedora 17 Update: squid-3.2.5-2.fc17
2013-02-08 17:02:49
[SECURITY] Fedora 17 Update: squid-3.2.9-1.fc17
2013-04-05 23:00:38
prion
prion
Design/Logic Flaw
2013-02-08 20:55:00
Authentication flaw
2012-12-20 12:02:00
Design/Logic Flaw
2013-10-04 23:55:00
debian
debian
[SECURITY] [DSA 2631-1] squid3 security update
2013-02-24 10:51:43
cve
cve
CVE-2013-0189
2013-02-08 20:55:00
CVE-2012-5643
2012-12-20 12:02:00
CVE-2013-0188
2013-10-04 23:55:00
ubuntu
ubuntu
Squid vulnerabilities
2013-01-31 00:00:00
ubuntucve
ubuntucve
CVE-2013-0189
2013-01-16 00:00:00
CVE-2012-5643
2012-12-20 00:00:00
seebug
seebug
Squid 'cachemgr.cgi'ไธๅฎŒๆ•ดไฟฎๅค่ฟœ็จ‹ๆ‹’็ปๆœๅŠกๆผๆดž
2013-02-03 00:00:00
debiancve
debiancve
CVE-2013-0189
2013-02-08 20:55:00
CVE-2012-5643
2012-12-20 12:02:00
freebsd
freebsd
squid -- denial of service
2012-12-17 00:00:00
osv
osv
squid3 - denial of service
2013-02-24 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:57:14
redhat
redhat
(RHSA-2013:0505) Moderate: squid security and bug fix update
2013-02-21 00:00:00
checkpoint_advisories
checkpoint_advisories
Squid Proxy Cache cachemgr.cgi Resource Exhaustion (CVE-2012-5643)
2012-12-30 00:00:00
oraclelinux
oraclelinux
squid security and bug fix update
2013-02-22 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package squid version 3.1.23-alt1
2013-01-28 00:00:00
centos
centos
squid security update
2013-02-27 19:38:48
gentoo
gentoo
Squid: Multiple vulnerabilities
2013-09-27 00:00:00
suse
suse
Security update for squid3 (important)
2016-08-09 17:12:26
Security update for squid3 (important)
2016-08-16 18:08:55
JSON
Related for UBUNTU_USN-1713-1.NASL
openvas26securityvulns2nessus23fedora6prion3debian1cve3ubuntu1ubuntucve2seebug1debiancve2freebsd1osv1veracode1redhat1checkpoint_advisories1oraclelinux1altlinux1centos1gentoo1suse2