Ubuntu 16.04 ESM : Squid regression (USN-5771-1)

2022-12-1200:00:00

www.tenable.com

ubuntu 16.04

esm

squid

regression

usn-5771-1

security update

vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.6

Confidence

High

JSON

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5771-1 advisory.

USN-3557-1 fixed vulnerabilities in Squid. This update introduced a regression which could cause the cache     log to be filled with many Vary loop messages. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Mathias Fischer discovered that Squid incorrectly handled certain long strings in headers. A malicious     remote server could possibly cause Squid to crash, resulting in a denial of service. This issue was only     addressed in Ubuntu 16.04 LTS. (CVE-2016-2569)

William Lima discovered that Squid incorrectly handled XML parsing when processing Edge Side Includes     (ESI). A malicious remote server could possibly cause Squid to crash, resulting in a denial of service.
This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2570)

Alex Rousskov discovered that Squid incorrectly handled response-parsing failures. A malicious remote     server could possibly cause Squid to crash, resulting in a denial of service. This issue only applied to     Ubuntu 16.04 LTS. (CVE-2016-2571)

Santiago Ruano Rincn discovered that Squid incorrectly handled certain Vary headers. A remote attacker     could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue was     only addressed in Ubuntu 16.04 LTS. (CVE-2016-3948)

Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A     malicious remote server could possibly cause Squid to crash, resulting in a denial of service.
(CVE-2018-1000024)

Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A     malicious remote server could possibly cause Squid to crash, resulting in a denial of service.
(CVE-2018-1000027)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-5771-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('compat.inc');

if (description)
{
  script_id(168628);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/08/28");
  script_xref(name:"USN", value:"5771-1");

  script_name(english:"Ubuntu 16.04 ESM : Squid regression (USN-5771-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the
USN-5771-1 advisory.

    USN-3557-1 fixed vulnerabilities in Squid. This update introduced a regression which could cause the cache
    log to be filled with many Vary loop messages. This update fixes the problem.

    We apologize for the inconvenience.

    Original advisory details:

    Mathias Fischer discovered that Squid incorrectly handled certain long strings in headers. A malicious
    remote server could possibly cause Squid to crash, resulting in a denial of service. This issue was only
    addressed in Ubuntu 16.04 LTS. (CVE-2016-2569)

    William Lima discovered that Squid incorrectly handled XML parsing when processing Edge Side Includes
    (ESI). A malicious remote server could possibly cause Squid to crash, resulting in a denial of service.
    This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2570)

    Alex Rousskov discovered that Squid incorrectly handled response-parsing failures. A malicious remote
    server could possibly cause Squid to crash, resulting in a denial of service. This issue only applied to
    Ubuntu 16.04 LTS. (CVE-2016-2571)

    Santiago Ruano Rincn discovered that Squid incorrectly handled certain Vary headers. A remote attacker
    could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue was
    only addressed in Ubuntu 16.04 LTS. (CVE-2016-3948)

    Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A
    malicious remote server could possibly cause Squid to crash, resulting in a denial of service.
    (CVE-2018-1000024)

    Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A
    malicious remote server could possibly cause Squid to crash, resulting in a denial of service.
    (CVE-2018-1000027)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-5771-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_attribute(attribute:"risk_factor", value:"None");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/12/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/12/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/12/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:esm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:squid");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:squid-cgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:squid-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:squid-purge");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:squid3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:squidclient");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2022-2024 Canonical, Inc. / NASL script (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "ubuntu_pro_sub_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var ubuntu_pro_detected = get_kb_item('Host/Ubuntu/Pro/Services/esm-apps');
ubuntu_pro_detected = !empty_or_null(ubuntu_pro_detected);

var pro_caveat_needed = FALSE;

var pkgs = [
    {'osver': '16.04', 'pkgname': 'squid', 'pkgver': '3.5.12-1ubuntu7.16+esm1', 'ubuntu_pro': TRUE},
    {'osver': '16.04', 'pkgname': 'squid-cgi', 'pkgver': '3.5.12-1ubuntu7.16+esm1', 'ubuntu_pro': TRUE},
    {'osver': '16.04', 'pkgname': 'squid-common', 'pkgver': '3.5.12-1ubuntu7.16+esm1', 'ubuntu_pro': TRUE},
    {'osver': '16.04', 'pkgname': 'squid-purge', 'pkgver': '3.5.12-1ubuntu7.16+esm1', 'ubuntu_pro': TRUE},
    {'osver': '16.04', 'pkgname': 'squid3', 'pkgver': '3.5.12-1ubuntu7.16+esm1', 'ubuntu_pro': TRUE},
    {'osver': '16.04', 'pkgname': 'squidclient', 'pkgver': '3.5.12-1ubuntu7.16+esm1', 'ubuntu_pro': TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  var pro_required = NULL;
  if (!empty_or_null(package_array['ubuntu_pro'])) pro_required = package_array['ubuntu_pro'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) {
        flag++;
        if (!ubuntu_pro_detected && !pro_caveat_needed) pro_caveat_needed = pro_required;
    }
  }
}

if (flag)
{
  var extra = '';
  if (pro_caveat_needed) {
    extra += 'NOTE: This vulnerability check contains fixes that apply to packages only \n';
    extra += 'available in Ubuntu ESM repositories. Access to these package security updates \n';
    extra += 'require an Ubuntu Pro subscription.\n\n';
  }
  extra += ubuntu_report_get();
  security_report_v4(
    port       : 0,
    severity   : SECURITY_NOTE,
    extra      : extra
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'squid / squid-cgi / squid-common / squid-purge / squid3 / etc');
}

VendorProductVersionCPE
canonicalubuntu_linuxsquid-commonp-cpe:/a:canonical:ubuntu_linux:squid-common
canonicalubuntu_linuxsquid-cgip-cpe:/a:canonical:ubuntu_linux:squid-cgi
canonicalubuntu_linuxsquidp-cpe:/a:canonical:ubuntu_linux:squid
canonicalubuntu_linuxsquid-purgep-cpe:/a:canonical:ubuntu_linux:squid-purge
canonicalubuntu_linuxsquidclientp-cpe:/a:canonical:ubuntu_linux:squidclient
canonicalubuntu_linuxsquid3p-cpe:/a:canonical:ubuntu_linux:squid3
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:esm

Vendor	Product	Version	CPE
canonical	ubuntu_linux	squid-common	p-cpe:/a:canonical:ubuntu_linux:squid-common
canonical	ubuntu_linux	squid-cgi	p-cpe:/a:canonical:ubuntu_linux:squid-cgi
canonical	ubuntu_linux	squid	p-cpe:/a:canonical:ubuntu_linux:squid
canonical	ubuntu_linux	squid-purge	p-cpe:/a:canonical:ubuntu_linux:squid-purge
canonical	ubuntu_linux	squidclient	p-cpe:/a:canonical:ubuntu_linux:squidclient
canonical	ubuntu_linux	squid3	p-cpe:/a:canonical:ubuntu_linux:squid3
canonical	ubuntu_linux	16.04	cpe:/o:canonical:ubuntu_linux:16.04:-:esm