Ubuntu: Security Advisory for 'squid, squid3' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 19.10. Remote attackers can exploit multiple vulnerabilities to obtain sensitive information, access prohibited server resources, cause denial of service, or possibly execute arbitrary code. Update the packages to fix the issues.
Title | Published | Views | Family |
---|---|---|---|
SUSE: Security Advisory (SUSE-SU-2020:0487-1) | 19 Apr 2021 00:00 | – | openvas |
SUSE: Security Advisory (SUSE-SU-2020:0493-1) | 9 Jun 2021 00:00 | – | openvas |
Squid Multiple Security Update Advisories (SQUID-2020:1, SQUID-2020:2, SQUID-2020:3) | 5 Feb 2020 00:00 | – | openvas |
openSUSE: Security Advisory for squid (openSUSE-SU-2020:0307-1) | 7 Mar 2020 00:00 | – | openvas |
Mageia: Security Advisory (MGASA-2020-0106) | 28 Jan 2022 00:00 | – | openvas |
Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2020-1326) | 24 Mar 2020 00:00 | – | openvas |
openSUSE: Security Advisory for squid (openSUSE-SU-2020:0606-1) | 4 May 2020 00:00 | – | openvas |
Fedora: Security Advisory for squid (FEDORA-2020-790296a8f4) | 4 Apr 2020 00:00 | – | openvas |
Fedora: Security Advisory for squid (FEDORA-2020-ab8e7463ab) | 4 Apr 2020 00:00 | – | openvas |
Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2020-1591) | 26 May 2020 00:00 | – | openvas |
Source | Link |
---|---|
ubuntu | www.ubuntu.com/security/notices/USN-4289-1 |
```
# SPDX-FileCopyrightText: 2020 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

# Metadata block: evaluated when the scanner loads the plugin description.
if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.844350");
  script_cve_id("CVE-2019-12528", "CVE-2020-8449", "CVE-2020-8450", "CVE-2020-8517");
  script_tag(name:"creation_date", value:"2020-02-21 04:00:18 +0000 (Fri, 21 Feb 2020)");
  script_version("2024-02-02T05:06:07+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:07 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2020-02-06 14:35:04 +0000 (Thu, 06 Feb 2020)");
  script_name("Ubuntu: Security Advisory (USN-4289-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2020 Greenbone AG");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(16\.04\ LTS|18\.04\ LTS|19\.10)");
  script_xref(name:"Advisory-ID", value:"USN-4289-1");
  script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-4289-1");
  script_tag(name:"summary", value:"The remote host is missing an update for the 'squid, squid3' package(s) announced via the USN-4289-1 advisory.");
  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
  script_tag(name:"insight", value:"Jeriko One discovered that Squid incorrectly handled memory when connected
to an FTP server. A remote attacker could possibly use this issue to obtain
sensitive information from Squid memory. (CVE-2019-12528)
Regis Leroy discovered that Squid incorrectly handled certain HTTP
requests. A remote attacker could possibly use this issue to access server
resources prohibited by earlier security filters. (CVE-2020-8449)
Guido Vranken discovered that Squid incorrectly handled certain buffer
operations when acting as a reverse proxy. A remote attacker could use
this issue to cause Squid to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2020-8450)
Aaron Costello discovered that Squid incorrectly handled certain NTLM
authentication credentials. A remote attacker could possibly use this issue
to cause Squid to crash, resulting in a denial of service. (CVE-2020-8517)");
  script_tag(name:"affected", value:"'squid, squid3' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 19.10.");
  script_tag(name:"solution", value:"Please install the updated package(s).");
  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");
  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

# Release string gathered over SSH by gather-package-list.nasl.
release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

# Each branch compares the installed squid package against the fixed
# version for that release; a non-null result is added to the report.
if(release == "UBUNTU16.04 LTS") {

  if(!isnull(res = isdpkgvuln(pkg:"squid", ver:"3.5.12-1ubuntu7.10", rls:"UBUNTU16.04 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    # Package is installed and already at or above the fixed version.
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU18.04 LTS") {

  if(!isnull(res = isdpkgvuln(pkg:"squid", ver:"3.5.27-1ubuntu1.5", rls:"UBUNTU18.04 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU19.10") {

  if(!isnull(res = isdpkgvuln(pkg:"squid", ver:"4.8-1ubuntu2.2", rls:"UBUNTU19.10"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);
```