{"id": "RHSA-2011:1293", "hash": "290677166bba6a62da79fcc81af638db", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2011:1293) Moderate: squid security update", "description": "Squid is a high-performance proxy caching server for web clients,\nsupporting FTP, Gopher, and HTTP data objects.\n\nA buffer overflow flaw was found in the way Squid parsed replies from\nremote Gopher servers. A remote user allowed to send Gopher requests to a\nSquid proxy could possibly use this flaw to cause the squid child process\nto crash or execute arbitrary code with the privileges of the squid user,\nby making Squid perform a request to an attacker-controlled Gopher server.\n(CVE-2011-3205)\n\nUsers of squid should upgrade to this updated package, which contains a\nbackported patch to correct this issue. After installing this update, the\nsquid service will be restarted automatically.\n", "published": "2011-09-14T04:00:00", "modified": "2018-06-06T20:24:16", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2011:1293", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2011-3205"], "lastseen": "2018-12-11T19:40:49", "history": [{"bulletin": {"id": "RHSA-2011:1293", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2011:1293) Moderate: squid security update", "description": "Squid is a high-performance proxy caching server for web clients,\nsupporting FTP, Gopher, and HTTP data objects.\n\nA buffer overflow flaw was found in the way Squid parsed replies from\nremote Gopher servers. A remote user allowed to send Gopher requests to a\nSquid proxy could possibly use this flaw to cause the squid child process\nto crash or execute arbitrary code with the privileges of the squid user,\nby making Squid perform a request to an attacker-controlled Gopher server.\n(CVE-2011-3205)\n\nUsers of squid should upgrade to this updated package, which contains a\nbackported patch to correct this issue. After installing this update, the\nsquid service will be restarted automatically.\n", "published": "2011-09-14T04:00:00", "modified": "2017-03-03T17:26:22", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2011:1293", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2011-3205"], "lastseen": "2017-03-05T21:18:23", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "affectedPackage": [{"packageFilename": "squid-3.1.10-1.el6_1.1.i686.rpm", "OS": "RedHat", "arch": "i686", "packageName": "squid", "OSVersion": "6", "packageVersion": "3.1.10-1.el6_1.1", "operator": "lt"}, {"packageFilename": "squid-debuginfo-3.1.10-1.el6_1.1.ppc64.rpm", "OS": "RedHat", "arch": "ppc64", "packageName": "squid-debuginfo", "OSVersion": "6", "packageVersion": "3.1.10-1.el6_1.1", "operator": "lt"}, {"packageFilename": "squid-3.1.10-1.el6_1.1.ppc64.rpm", "OS": "RedHat", "arch": "ppc64", "packageName": "squid", "OSVersion": "6", "packageVersion": "3.1.10-1.el6_1.1", "operator": "lt"}, {"packageFilename": "squid-debuginfo-3.1.10-1.el6_1.1.i686.rpm", "OS": "RedHat", "arch": "i686", "packageName": "squid-debuginfo", "OSVersion": "6", "packageVersion": "3.1.10-1.el6_1.1", "operator": "lt"}, {"packageFilename": "squid-debuginfo-3.1.10-1.el6_1.1.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "squid-debuginfo", "OSVersion": "6", "packageVersion": "3.1.10-1.el6_1.1", "operator": "lt"}, {"packageFilename": "squid-3.1.10-1.el6_1.1.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "squid", "OSVersion": "6", "packageVersion": "3.1.10-1.el6_1.1", "operator": "lt"}, {"packageFilename": "squid-3.1.10-1.el6_1.1.src.rpm", "OS": "RedHat", "arch": "src", "packageName": "squid", "OSVersion": "6", "packageVersion": "3.1.10-1.el6_1.1", "operator": "lt"}, {"packageFilename": "squid-debuginfo-3.1.10-1.el6_1.1.s390x.rpm", "OS": "RedHat", "arch": "s390x", "packageName": "squid-debuginfo", "OSVersion": "6", "packageVersion": "3.1.10-1.el6_1.1", "operator": "lt"}, {"packageFilename": "squid-3.1.10-1.el6_1.1.s390x.rpm", "OS": "RedHat", "arch": "s390x", "packageName": "squid", "OSVersion": "6", "packageVersion": "3.1.10-1.el6_1.1", "operator": "lt"}]}, "lastseen": "2017-03-05T21:18:23", "differentElements": ["modified"], "edition": 1}, {"bulletin": {"id": "RHSA-2011:1293", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2011:1293) Moderate: squid security update", "description": "Squid is a high-performance proxy caching server for web clients,\nsupporting FTP, Gopher, and HTTP data objects.\n\nA buffer overflow flaw was found in the way Squid parsed replies from\nremote Gopher servers. A remote user allowed to send Gopher requests to a\nSquid proxy could possibly use this flaw to cause the squid child process\nto crash or execute arbitrary code with the privileges of the squid user,\nby making Squid perform a request to an attacker-controlled Gopher server.\n(CVE-2011-3205)\n\nUsers of squid should upgrade to this updated package, which contains a\nbackported patch to correct this issue. After installing this update, the\nsquid service will be restarted automatically.\n", "published": "2011-09-14T04:00:00", "modified": "2017-11-24T18:38:29", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2011:1293", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2011-3205"], "lastseen": "2017-11-25T08:02:11", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 5.1, "modified": "2017-11-25T08:02:11"}}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "3.1.10-1.el6_1.1", "packageName": "squid-debuginfo", "packageFilename": "squid-debuginfo-3.1.10-1.el6_1.1.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "3.1.10-1.el6_1.1", "packageName": "squid", "packageFilename": "squid-3.1.10-1.el6_1.1.src.rpm", "arch": "src", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "3.1.10-1.el6_1.1", "packageName": "squid", "packageFilename": "squid-3.1.10-1.el6_1.1.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "3.1.10-1.el6_1.1", "packageName": "squid-debuginfo", "packageFilename": "squid-debuginfo-3.1.10-1.el6_1.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "3.1.10-1.el6_1.1", "packageName": "squid", "packageFilename": "squid-3.1.10-1.el6_1.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "3.1.10-1.el6_1.1", "packageName": "squid-debuginfo", "packageFilename": "squid-debuginfo-3.1.10-1.el6_1.1.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "3.1.10-1.el6_1.1", "packageName": "squid-debuginfo", "packageFilename": "squid-debuginfo-3.1.10-1.el6_1.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "3.1.10-1.el6_1.1", "packageName": "squid", "packageFilename": "squid-3.1.10-1.el6_1.1.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "3.1.10-1.el6_1.1", "packageName": "squid", "packageFilename": "squid-3.1.10-1.el6_1.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}]}, "lastseen": "2017-11-25T08:02:11", "differentElements": ["modified"], "edition": 2}, {"bulletin": {"id": "RHSA-2011:1293", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2011:1293) Moderate: squid security update", "description": "Squid is a high-performance proxy caching server for web clients,\nsupporting FTP, Gopher, and HTTP data objects.\n\nA buffer overflow flaw was found in the way Squid parsed replies from\nremote Gopher servers. A remote user allowed to send Gopher requests to a\nSquid proxy could possibly use this flaw to cause the squid child process\nto crash or execute arbitrary code with the privileges of the squid user,\nby making Squid perform a request to an attacker-controlled Gopher server.\n(CVE-2011-3205)\n\nUsers of squid should upgrade to this updated package, which contains a\nbackported patch to correct this issue. After installing this update, the\nsquid service will be restarted automatically.\n", "published": "2011-09-14T04:00:00", "modified": "2017-11-27T17:18:29", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2011:1293", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2011-3205"], "lastseen": "2017-12-25T20:05:06", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "3.1.10-1.el6_1.1", "packageName": "squid-debuginfo", "packageFilename": "squid-debuginfo-3.1.10-1.el6_1.1.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "3.1.10-1.el6_1.1", "packageName": "squid", "packageFilename": "squid-3.1.10-1.el6_1.1.src.rpm", "arch": "src", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "3.1.10-1.el6_1.1", "packageName": "squid", "packageFilename": "squid-3.1.10-1.el6_1.1.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "3.1.10-1.el6_1.1", "packageName": "squid-debuginfo", "packageFilename": "squid-debuginfo-3.1.10-1.el6_1.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "3.1.10-1.el6_1.1", "packageName": "squid", "packageFilename": "squid-3.1.10-1.el6_1.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "3.1.10-1.el6_1.1", "packageName": "squid-debuginfo", "packageFilename": "squid-debuginfo-3.1.10-1.el6_1.1.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "3.1.10-1.el6_1.1", "packageName": "squid-debuginfo", "packageFilename": "squid-debuginfo-3.1.10-1.el6_1.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "3.1.10-1.el6_1.1", "packageName": "squid", "packageFilename": "squid-3.1.10-1.el6_1.1.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "3.1.10-1.el6_1.1", "packageName": "squid", "packageFilename": "squid-3.1.10-1.el6_1.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}]}, "lastseen": "2017-12-25T20:05:06", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "RHSA-2011:1293", "hash": "8ffd6dff7b4246e2e969b3bb5e05bf0c", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2011:1293) Moderate: squid security update", "description": "Squid is a high-performance proxy caching server for web clients,\nsupporting FTP, Gopher, and HTTP data objects.\n\nA buffer overflow flaw was found in the way Squid parsed replies from\nremote Gopher servers. A remote user allowed to send Gopher requests to a\nSquid proxy could possibly use this flaw to cause the squid child process\nto crash or execute arbitrary code with the privileges of the squid user,\nby making Squid perform a request to an attacker-controlled Gopher server.\n(CVE-2011-3205)\n\nUsers of squid should upgrade to this updated package, which contains a\nbackported patch to correct this issue. After installing this update, the\nsquid service will be restarted automatically.\n", "published": "2011-09-14T04:00:00", "modified": "2018-06-06T20:24:16", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2011:1293", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2011-3205"], "lastseen": "2018-06-12T21:09:48", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "squid-debuginfo", "packageVersion": "3.1.10-1.el6_1.1", "packageFilename": "squid-debuginfo-3.1.10-1.el6_1.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "src", "packageName": "squid", "packageVersion": "3.1.10-1.el6_1.1", "packageFilename": "squid-3.1.10-1.el6_1.1.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "squid", "packageVersion": "3.1.10-1.el6_1.1", "packageFilename": "squid-3.1.10-1.el6_1.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "squid-debuginfo", "packageVersion": "3.1.10-1.el6_1.1", "packageFilename": "squid-debuginfo-3.1.10-1.el6_1.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "squid", "packageVersion": "3.1.10-1.el6_1.1", "packageFilename": "squid-3.1.10-1.el6_1.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "squid-debuginfo", "packageVersion": "3.1.10-1.el6_1.1", "packageFilename": "squid-debuginfo-3.1.10-1.el6_1.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "squid-debuginfo", "packageVersion": "3.1.10-1.el6_1.1", "packageFilename": "squid-debuginfo-3.1.10-1.el6_1.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "squid", "packageVersion": "3.1.10-1.el6_1.1", "packageFilename": "squid-3.1.10-1.el6_1.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "squid", "packageVersion": "3.1.10-1.el6_1.1", "packageFilename": "squid-3.1.10-1.el6_1.1.x86_64.rpm", "operator": "lt"}]}, "lastseen": "2018-06-12T21:09:48", "differentElements": ["affectedPackage"], "edition": 4}], "viewCount": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-3205"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2011:1018-1", "SUSE-SU-2011:1019-1", "SUSE-SU-2016:1996-1", "SUSE-SU-2016:2089-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27004", "SECURITYVULNS:VULN:11903"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2011-150.NASL", "SOLARIS11_SQUID_20120118.NASL", "REDHAT-RHSA-2011-1293.NASL", "SUSE_11_SQUID3-110902.NASL", "FEDORA_2011-11854.NASL", "ORACLELINUX_ELSA-2011-1293.NASL", "DEBIAN_DSA-2304.NASL", "SUSE_11_3_SQUID3-110902.NASL", "SUSE_11_4_SQUID3-110902.NASL", "SL_20110914_SQUID_ON_SL6_X.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2304-1:96DC3"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231070241", "OPENVAS:1361412562310870678", "OPENVAS:103233", "OPENVAS:70241", "OPENVAS:1361412562310122087", "OPENVAS:870678", "OPENVAS:1361412562310103233", "OPENVAS:831469", "OPENVAS:1361412562310831469", "OPENVAS:70787"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-1293"]}, {"type": "gentoo", "idList": ["GLSA-201110-24"]}], "modified": "2018-12-11T19:40:49"}, "vulnersScore": 7.5}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "squid-debuginfo", "packageVersion": "3.1.10-1.el6_1.1", "packageFilename": "squid-debuginfo-3.1.10-1.el6_1.1.ppc64.rpm", "operator": "lt"}], "_object_type": "robots.models.redhat.RedHatBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"]}

{"cve": [{"lastseen": "2017-04-18T15:53:04", "bulletinFamily": "NVD", "description": "Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.", "modified": "2016-11-28T14:07:37", "published": "2011-09-06T11:55:08", "id": "CVE-2011-3205", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3205", "title": "CVE-2011-3205", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:56:09", "bulletinFamily": "unix", "description": "This update of squid3 fixes a buffer overflow vulnerability\n in the Gopher reply parser code (CVE-2011-3205).\n\n", "modified": "2011-09-07T17:08:13", "published": "2011-09-07T17:08:13", "id": "OPENSUSE-SU-2011:1018-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html", "type": "suse", "title": "VUL-0: CVE-2011-3205: squid: buffer overflow in Gopher reply parser (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:21:19", "bulletinFamily": "unix", "description": "This update of squid3 fixes a buffer overflow vulnerability\n in the Gopher reply parser code (CVE-2011-3205).\n", "modified": "2011-09-07T17:08:16", "published": "2011-09-07T17:08:16", "id": "SUSE-SU-2011:1019-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html", "type": "suse", "title": "Security update for squid3 (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:09:51", "bulletinFamily": "unix", "description": "This update for squid3 fixes the following issues:\n\n - Multiple issues in pinger ICMP processing. (CVE-2014-7141,\n CVE-2014-7142)\n\n - CVE-2016-3947: Buffer overrun issue in pinger ICMPv6 processing.\n (bsc#973782)\n\n - CVE-2016-4554: fix header smuggling issue in HTTP Request processing\n (bsc#979010)\n\n - fix multiple Denial of Service issues in HTTP Response processing.\n (CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, bsc#968392,\n bsc#968393, bsc#968394, bsc#968395)\n\n - CVE-2016-3948: Fix denial of service in HTTP Response processing\n (bsc#973783)\n\n - CVE-2016-4051: fixes buffer overflow in cachemgr.cgi (bsc#976553)\n\n - CVE-2016-4052, CVE-2016-4053, CVE-2016-4054:\n * fixes multiple issues in ESI processing (bsc#976556)\n\n - CVE-2016-4556: fixes double free vulnerability in Esi.cc (bsc#979008)\n\n - CVE-2015-5400: Improper Protection of Alternate Path (bsc#938715)\n\n - CVE-2014-6270: fix off-by-one in snmp subsystem (bsc#895773)\n\n - Memory leak in squid3 when using external_acl (bsc#976708)\n\n", "modified": "2016-08-09T17:12:26", "published": "2016-08-09T17:12:26", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", "id": "SUSE-SU-2016:1996-1", "title": "Security update for squid3 (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:13:39", "bulletinFamily": "unix", "description": "This update for squid3 fixes the following issues:\n\n - Multiple issues in pinger ICMP processing. (CVE-2014-7141,\n CVE-2014-7142)\n\n - CVE-2016-3947: Buffer overrun issue in pinger ICMPv6 processing.\n (bsc#973782)\n\n - CVE-2016-4554: fix header smuggling issue in HTTP Request processing\n (bsc#979010)\n\n - Fix multiple Denial of Service issues in HTTP Response processing.\n (CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, bsc#968392,\n bsc#968393, bsc#968394, bsc#968395)\n - Regression caused by the DoS fixes above (bsc#993299)\n\n - CVE-2016-3948: Fix denial of service in HTTP Response processing\n (bsc#973783)\n\n - CVE-2016-4051: fixes buffer overflow in cachemgr.cgi (bsc#976553)\n\n - CVE-2016-4052, CVE-2016-4053, CVE-2016-4054:\n * fixes multiple issues in ESI processing (bsc#976556)\n\n - CVE-2016-4556: fixes double free vulnerability in Esi.cc (bsc#979008)\n\n - CVE-2015-5400: Improper Protection of Alternate Path (bsc#938715)\n\n - CVE-2014-6270: fix off-by-one in snmp subsystem (bsc#895773)\n\n - Memory leak in squid3 when using external_acl (bsc#976708)\n\n", "modified": "2016-08-16T18:08:55", "published": "2016-08-16T18:08:55", "id": "SUSE-SU-2016:2089-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", "type": "suse", "title": "Security update for squid3 (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:43", "bulletinFamily": "software", "description": "Buffer overflow on gopher reply parsing.", "modified": "2011-09-13T00:00:00", "published": "2011-09-13T00:00:00", "id": "SECURITYVULNS:VULN:11903", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11903", "title": "squid buffer overflow", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- --------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2304-1 security@debian.org\r\nhttp://www.debian.org/security/ Nico Golde\r\nSep 11, 2011 http://www.debian.org/security/faq\r\n- --------------------------------------------------------------------------\r\n\r\nPackage : squid3\r\nVulnerability : buffer overflow\r\nProblem type : remote\r\nDebian-specific: no\r\nDebian bug : 639755\r\nCVE IDs : CVE-2011-3205\r\n\r\nBen Hawkes discovered that squid3, a full featured Web Proxy cache\r\n&#40;HTTP proxy&#41;, is vulnerable to a buffer overflow when processing gopher\r\nserver replies. An attacker can exploit this flaw by connecting to a\r\ngopher server that returns lines longer than 4096 bytes. This may result\r\nin denial of service conditions &#40;daemon crash&#41; or the possibly the\r\nexecution of arbitrary code with rights of the squid daemon.\r\n\r\nFor the oldstable distribution &#40;lenny&#41;, this problem has been fixed in\r\nversion 3.0.STABLE8-3+lenny5.\r\n\r\nFor the stable distribution &#40;squeeze&#41;, this problem has been fixed in\r\nversion 3.1.6-1.2+squeeze1.\r\n\r\nFor the testing distribution &#40;wheezy&#41;, this problem has been fixed in\r\nversion 3.1.15-1.\r\n\r\nFor the unstable distribution &#40;sid&#41;, this problem has been fixed in\r\nversion 3.1.15-1.\r\n\r\nWe recommend that you upgrade your squid3 packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 &#40;GNU/Linux&#41;\r\n\r\niEYEARECAAYFAk5s9T8ACgkQHYflSXNkfP/BUwCePxGr63dVkzanbVSwAZTkp50W\r\nliMAn1PpeT0ySsA4WxDjTbM4p6ksLFMF\r\n=mhvo\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2011-09-13T00:00:00", "published": "2011-09-13T00:00:00", "id": "SECURITYVULNS:DOC:27004", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27004", "title": "[SECURITY] [DSA 2304-1] squid3 security update", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-09-02T00:04:31", "bulletinFamily": "scanner", "description": "The remote host is missing an update to squid3\nannounced via advisory DSA 2304-1.", "modified": "2018-04-06T00:00:00", "published": "2011-09-21T00:00:00", "id": "OPENVAS:136141256231070241", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070241", "title": "Debian Security Advisory DSA 2304-1 (squid3)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2304_1.nasl 9351 2018-04-06 07:05:43Z cfischer $\n# Description: Auto-generated from advisory DSA 2304-1 (squid3)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ben Hawkes discovered that squid3, a full featured Web Proxy cache\n(HTTP proxy), is vulnerable to a buffer overflow when processing gopher\nserver replies. An attacker can exploit this flaw by connecting to a\ngopher server that returns lines longer than 4096 bytes. This may result\nin denial of service conditions (daemon crash) or the possibly the\nexecution of arbitrary code with rights of the squid daemon.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 3.0.STABLE8-3+lenny5.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.1.6-1.2+squeeze1.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 3.1.15-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.1.15-1.\n\nWe recommend that you upgrade your squid3 packages.\";\ntag_summary = \"The remote host is missing an update to squid3\nannounced via advisory DSA 2304-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202304-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70241\");\n script_version(\"$Revision: 9351 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:05:43 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-21 05:47:11 +0200 (Wed, 21 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-3205\");\n script_name(\"Debian Security Advisory DSA 2304-1 (squid3)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"squid3\", ver:\"3.0.STABLE8-3+lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squid3-cgi\", ver:\"3.0.STABLE8-3+lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squid3-common\", ver:\"3.0.STABLE8-3+lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squidclient\", ver:\"3.0.STABLE8-3+lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squid-cgi\", ver:\"3.1.6-1.2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squid3\", ver:\"3.1.6-1.2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squid3-common\", ver:\"3.1.6-1.2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squid3-dbg\", ver:\"3.1.6-1.2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squidclient\", ver:\"3.1.6-1.2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squid-cgi\", ver:\"3.1.15-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squid3\", ver:\"3.1.15-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squid3-common\", ver:\"3.1.15-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squid3-dbg\", ver:\"3.1.15-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squidclient\", ver:\"3.1.15-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-23T15:16:04", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2012-07-09T00:00:00", "id": "OPENVAS:1361412562310870678", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870678", "title": "RedHat Update for squid RHSA-2011:1293-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for squid RHSA-2011:1293-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-September/msg00016.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870678\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:45:53 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-3205\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2011:1293-01\");\n script_name(\"RedHat Update for squid RHSA-2011:1293-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'squid'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"squid on Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Squid is a high-performance proxy caching server for web clients,\n supporting FTP, Gopher, and HTTP data objects.\n\n A buffer overflow flaw was found in the way Squid parsed replies from\n remote Gopher servers. A remote user allowed to send Gopher requests to a\n Squid proxy could possibly use this flaw to cause the squid child process\n to crash or execute arbitrary code with the privileges of the squid user,\n by making Squid perform a request to an attacker-controlled Gopher server.\n (CVE-2011-3205)\n\n Users of squid should upgrade to this updated package, which contains a\n backported patch to correct this issue. After installing this update, the\n squid service will be restarted automatically.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"squid\", rpm:\"squid~3.1.10~1.el6_1.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squid-debuginfo\", rpm:\"squid-debuginfo~3.1.10~1.el6_1.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-11T11:06:38", "bulletinFamily": "scanner", "description": "Check for the Version of squid", "modified": "2018-01-09T00:00:00", "published": "2012-07-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870678", "id": "OPENVAS:870678", "title": "RedHat Update for squid RHSA-2011:1293-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for squid RHSA-2011:1293-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Squid is a high-performance proxy caching server for web clients,\n supporting FTP, Gopher, and HTTP data objects.\n\n A buffer overflow flaw was found in the way Squid parsed replies from\n remote Gopher servers. A remote user allowed to send Gopher requests to a\n Squid proxy could possibly use this flaw to cause the squid child process\n to crash or execute arbitrary code with the privileges of the squid user,\n by making Squid perform a request to an attacker-controlled Gopher server.\n (CVE-2011-3205)\n\n Users of squid should upgrade to this updated package, which contains a\n backported patch to correct this issue. After installing this update, the\n squid service will be restarted automatically.\";\n\ntag_affected = \"squid on Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-September/msg00016.html\");\n script_id(870678);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:45:53 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-3205\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2011:1293-01\");\n script_name(\"RedHat Update for squid RHSA-2011:1293-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of squid\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"squid\", rpm:\"squid~3.1.10~1.el6_1.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squid-debuginfo\", rpm:\"squid-debuginfo~3.1.10~1.el6_1.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:44:12", "bulletinFamily": "scanner", "description": "Squid Proxy is prone remote buffer-overflow vulnerability affects the\n Gopher-to-HTML functionality.", "modified": "2018-10-22T00:00:00", "published": "2011-08-30T00:00:00", "id": "OPENVAS:1361412562310103233", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103233", "title": "Squid Proxy Gopher Remote Buffer Overflow Vulnerability", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_squid_49356.nasl 12006 2018-10-22 07:42:16Z mmartin $\n#\n# Squid Proxy Gopher Remote Buffer Overflow Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:squid-cache:squid\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103233\");\n script_version(\"$Revision: 12006 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-22 09:42:16 +0200 (Mon, 22 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-30 14:29:55 +0200 (Tue, 30 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-3205\");\n script_bugtraq_id(49356);\n script_name(\"Squid Proxy Gopher Remote Buffer Overflow Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2011 Greenbone Networks GmbH\");\n script_dependencies(\"secpod_squid_detect.nasl\");\n script_require_ports(\"Services/http_proxy\", 3128, \"Services/www\", 8080);\n script_mandatory_keys(\"squid_proxy_server/installed\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/49356\");\n script_xref(name:\"URL\", value:\"http://www.squid-cache.org/\");\n script_xref(name:\"URL\", value:\"http://www.squid-cache.org/Advisories/SQUID-2011_3.txt\");\n\n script_tag(name:\"summary\", value:\"Squid Proxy is prone remote buffer-overflow vulnerability affects the\n Gopher-to-HTML functionality.\");\n script_tag(name:\"impact\", value:\"An attacker can exploit this issue to execute arbitrary code with the\n privileges of the vulnerable application. Failed exploit attempts will\n result in a denial-of-service condition.\");\n script_tag(name:\"solution\", value:\"The vendor released an update. Please see the references for more\n information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_in_range( version:vers, test_version:\"3.2.0\", test_version2:\"3.2.0.10\" ) ||\n version_is_less( version:vers, test_version:\"3.1.15\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"3.1.15/3.2.0.11\" );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:55:23", "bulletinFamily": "scanner", "description": "The remote host is missing an update to squid3\nannounced via advisory DSA 2304-1.", "modified": "2017-07-07T00:00:00", "published": "2011-09-21T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=70241", "id": "OPENVAS:70241", "title": "Debian Security Advisory DSA 2304-1 (squid3)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2304_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2304-1 (squid3)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ben Hawkes discovered that squid3, a full featured Web Proxy cache\n(HTTP proxy), is vulnerable to a buffer overflow when processing gopher\nserver replies. An attacker can exploit this flaw by connecting to a\ngopher server that returns lines longer than 4096 bytes. This may result\nin denial of service conditions (daemon crash) or the possibly the\nexecution of arbitrary code with rights of the squid daemon.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 3.0.STABLE8-3+lenny5.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.1.6-1.2+squeeze1.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 3.1.15-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.1.15-1.\n\nWe recommend that you upgrade your squid3 packages.\";\ntag_summary = \"The remote host is missing an update to squid3\nannounced via advisory DSA 2304-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202304-1\";\n\n\nif(description)\n{\n script_id(70241);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-21 05:47:11 +0200 (Wed, 21 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-3205\");\n script_name(\"Debian Security Advisory DSA 2304-1 (squid3)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"squid3\", ver:\"3.0.STABLE8-3+lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squid3-cgi\", ver:\"3.0.STABLE8-3+lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squid3-common\", ver:\"3.0.STABLE8-3+lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squidclient\", ver:\"3.0.STABLE8-3+lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squid-cgi\", ver:\"3.1.6-1.2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squid3\", ver:\"3.1.6-1.2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squid3-common\", ver:\"3.1.6-1.2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squid3-dbg\", ver:\"3.1.6-1.2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squidclient\", ver:\"3.1.6-1.2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squid-cgi\", ver:\"3.1.15-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squid3\", ver:\"3.1.15-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squid3-common\", ver:\"3.1.15-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squid3-dbg\", ver:\"3.1.15-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squidclient\", ver:\"3.1.15-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:13:30", "bulletinFamily": "scanner", "description": "Squid Proxy is prone remote buffer-overflow vulnerability affects the\nGopher-to-HTML functionality.\n\nAn attacker can exploit this issue to execute arbitrary code with the\nprivileges of the vulnerable application. Failed exploit attempts will\nresult in a denial-of-service condition.", "modified": "2016-05-25T00:00:00", "published": "2011-08-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=103233", "id": "OPENVAS:103233", "title": "Squid Proxy Gopher Remote Buffer Overflow Vulnerability", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_squid_49356.nasl 3386 2016-05-25 19:06:55Z jan $\n#\n# Squid Proxy Gopher Remote Buffer Overflow Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"Squid Proxy is prone remote buffer-overflow vulnerability affects the\nGopher-to-HTML functionality.\n\nAn attacker can exploit this issue to execute arbitrary code with the\nprivileges of the vulnerable application. Failed exploit attempts will\nresult in a denial-of-service condition.\";\n\ntag_solution = \"The vendor released an update. Please see the references for more\ninformation.\";\n\nif (description)\n{\n script_id(103233);\n script_version(\"$Revision: 3386 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-05-25 21:06:55 +0200 (Wed, 25 May 2016) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-30 14:29:55 +0200 (Tue, 30 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_cve_id(\"CVE-2011-3205\");\n script_bugtraq_id(49356);\n\n script_name(\"Squid Proxy Gopher Remote Buffer Overflow Vulnerability\");\n\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/bid/49356\");\n script_xref(name : \"URL\" , value : \"http://www.squid-cache.org/\");\n script_xref(name : \"URL\" , value : \"http://www.squid-cache.org/Advisories/SQUID-2011_3.txt\");\n\n script_summary(\"Determine if installed Squid version is vulnerable\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2011 Greenbone Networks GmbH\");\n script_dependencies(\"secpod_squid_detect.nasl\");\n script_require_ports(\"Services/www\", 3128,8080);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"version_func.inc\");\ninclude(\"global_settings.inc\");\n\nport = get_http_port(default:3128);\nif(!get_port_state(port))exit(0);\n\nif(vers = get_version_from_kb(port:port,app:\"Squid\")) {\n\n if(version_in_range(version: vers, test_version: \"3.2.0\", test_version2: \"3.2.0.10\") ||\n version_is_less(version: vers, test_version: \"3.1.15\")) {\n security_message(port:port);\n exit(0);\n }\n\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:24:24", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2011-1293", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122087", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122087", "title": "Oracle Linux Local Check: ELSA-2011-1293", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-1293.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122087\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:12:52 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1293\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1293 - squid security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1293\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1293.html\");\n script_cve_id(\"CVE-2011-3205\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"squid\", rpm:\"squid~3.1.10~1.el6_1.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:55:33", "bulletinFamily": "scanner", "description": "Check for the Version of squid", "modified": "2017-07-06T00:00:00", "published": "2011-10-18T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831469", "id": "OPENVAS:831469", "title": "Mandriva Update for squid MDVSA-2011:150 (squid)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for squid MDVSA-2011:150 (squid)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been discovered and corrected in squid:\n\n Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher\n reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and\n 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial\n of service (memory corruption and daemon restart) or possibly have\n unspecified other impact via a long line in a response. NOTE: This\n issue exists because of a CVE-2005-0094 regression (CVE-2011-3205).\n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&amp;amp;products_id=490\n \n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"squid on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-10/msg00025.php\");\n script_id(831469);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-18 15:48:35 +0200 (Tue, 18 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2011:150\");\n script_cve_id(\"CVE-2005-0094\", \"CVE-2011-3205\", \"CVE-2011-3208\");\n script_name(\"Mandriva Update for squid MDVSA-2011:150 (squid)\");\n\n script_summary(\"Check for the Version of squid\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"squid\", rpm:\"squid~3.0~22.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squid-cachemgr\", rpm:\"squid-cachemgr~3.0~22.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"squid\", rpm:\"squid~3.1~14.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squid-cachemgr\", rpm:\"squid-cachemgr~3.1~14.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"squid\", rpm:\"squid~3.0~22.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squid-cachemgr\", rpm:\"squid-cachemgr~3.0~22.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-19T13:06:56", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2011-10-18T00:00:00", "id": "OPENVAS:1361412562310831469", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831469", "title": "Mandriva Update for squid MDVSA-2011:150 (squid)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for squid MDVSA-2011:150 (squid)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-10/msg00025.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831469\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-18 15:48:35 +0200 (Tue, 18 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"MDVSA\", value:\"2011:150\");\n script_cve_id(\"CVE-2005-0094\", \"CVE-2011-3205\", \"CVE-2011-3208\");\n script_name(\"Mandriva Update for squid MDVSA-2011:150 (squid)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'squid'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5|2010\\.1|2009\\.0)\");\n script_tag(name:\"affected\", value:\"squid on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"A vulnerability has been discovered and corrected in squid:\n\n Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher\n reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and\n 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial\n of service (memory corruption and daemon restart) or possibly have\n unspecified other impact via a long line in a response. NOTE: This\n issue exists because of a CVE-2005-0094 regression (CVE-2011-3205).\n\n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. The updated packages have been patched to correct this issue.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://store.mandriva.com/product_info.php?cPath=149&amp;amp;products_id=490\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"squid\", rpm:\"squid~3.0~22.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squid-cachemgr\", rpm:\"squid-cachemgr~3.0~22.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"squid\", rpm:\"squid~3.1~14.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squid-cachemgr\", rpm:\"squid-cachemgr~3.1~14.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"squid\", rpm:\"squid~3.0~22.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squid-cachemgr\", rpm:\"squid-cachemgr~3.0~22.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:43:20", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 201110-24.", "modified": "2018-10-12T00:00:00", "published": "2012-02-12T00:00:00", "id": "OPENVAS:136141256231070787", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070787", "title": "Gentoo Security Advisory GLSA 201110-24 (Squid)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201110_24.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70787\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2009-2621\", \"CVE-2009-2622\", \"CVE-2009-2855\", \"CVE-2010-0308\", \"CVE-2010-0639\", \"CVE-2010-2951\", \"CVE-2010-3072\", \"CVE-2011-3205\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:40 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201110-24 (Squid)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities were found in Squid allowing attackers to\n execute arbitrary code or cause a Denial of Service.\");\n script_tag(name:\"solution\", value:\"All squid users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-proxy/squid-3.1.15'\n\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are\n available since September 4, 2011. It is likely that your system is\n already no longer affected by this issue.\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-24\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=279379\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=279380\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=301828\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=334263\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=381065\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=386215\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201110-24.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"net-proxy/squid\", unaffected: make_list(\"ge 3.1.15\"), vulnerable: make_list(\"lt 3.1.15\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:23:17", "bulletinFamily": "scanner", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression. (CVE-2011-3205)", "modified": "2018-11-15T00:00:00", "id": "SOLARIS11_SQUID_20120118.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80772", "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : squid (cve_2011_3205_buffer_overflow)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80772);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/15 20:50:24\");\n\n script_cve_id(\"CVE-2011-3205\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : squid (cve_2011_3205_buffer_overflow)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Buffer overflow in the gopherToHTML function in\n gopher.cc in the Gopher reply parser in Squid 3.0 before\n 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11\n allows remote Gopher servers to cause a denial of\n service (memory corruption and daemon restart) or\n possibly have unspecified other impact via a long line\n in a response. NOTE: This issue exists because of a\n CVE-2005-0094 regression. (CVE-2011-3205)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2011-3205-buffer-overflow-vulnerability-in-squid\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fcffecf4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11/11 SRU 03.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:squid\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^squid$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"squid\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.0.3.0.4.0\", sru:\"SRU 3\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : squid\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"squid\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:15:22", "bulletinFamily": "scanner", "description": "An updated squid package that fixes one security issue is now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nSquid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.\n\nA buffer overflow flaw was found in the way Squid parsed replies from remote Gopher servers. A remote user allowed to send Gopher requests to a Squid proxy could possibly use this flaw to cause the squid child process to crash or execute arbitrary code with the privileges of the squid user, by making Squid perform a request to an attacker-controlled Gopher server. (CVE-2011-3205)\n\nUsers of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically.", "modified": "2018-11-26T00:00:00", "id": "REDHAT-RHSA-2011-1293.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56205", "published": "2011-09-15T00:00:00", "title": "RHEL 6 : squid (RHSA-2011:1293)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1293. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56205);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2018/11/26 11:02:15\");\n\n script_cve_id(\"CVE-2011-3205\");\n script_bugtraq_id(49356);\n script_xref(name:\"RHSA\", value:\"2011:1293\");\n\n script_name(english:\"RHEL 6 : squid (RHSA-2011:1293)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated squid package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nSquid is a high-performance proxy caching server for web clients,\nsupporting FTP, Gopher, and HTTP data objects.\n\nA buffer overflow flaw was found in the way Squid parsed replies from\nremote Gopher servers. A remote user allowed to send Gopher requests\nto a Squid proxy could possibly use this flaw to cause the squid child\nprocess to crash or execute arbitrary code with the privileges of the\nsquid user, by making Squid perform a request to an\nattacker-controlled Gopher server. (CVE-2011-3205)\n\nUsers of squid should upgrade to this updated package, which contains\na backported patch to correct this issue. After installing this\nupdate, the squid service will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1293\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected squid and / or squid-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:squid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:squid-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1293\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"squid-3.1.10-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"squid-3.1.10-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"squid-3.1.10-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"squid-debuginfo-3.1.10-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"squid-debuginfo-3.1.10-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"squid-debuginfo-3.1.10-1.el6_1.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"squid / squid-debuginfo\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:15:31", "bulletinFamily": "scanner", "description": "A vulnerability has been discovered and corrected in squid :\n\nBuffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE:\nThis issue exists because of a CVE-2005-0094 regression (CVE-2011-3205).\n\nPackages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct this issue.", "modified": "2018-07-19T00:00:00", "id": "MANDRIVA_MDVSA-2011-150.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56526", "published": "2011-10-17T00:00:00", "title": "Mandriva Linux Security Advisory : squid (MDVSA-2011:150)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:150. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56526);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/19 20:59:17\");\n\n script_cve_id(\"CVE-2011-3205\");\n script_bugtraq_id(49534);\n script_xref(name:\"MDVSA\", value:\"2011:150\");\n\n script_name(english:\"Mandriva Linux Security Advisory : squid (MDVSA-2011:150)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been discovered and corrected in squid :\n\nBuffer overflow in the gopherToHTML function in gopher.cc in the\nGopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before\n3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause\na denial of service (memory corruption and daemon restart) or possibly\nhave unspecified other impact via a long line in a response. NOTE:\nThis issue exists because of a CVE-2005-0094 regression\n(CVE-2011-3205).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected squid and / or squid-cachemgr packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squid-cachemgr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"squid-3.0-22.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"squid-cachemgr-3.0-22.5mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", reference:\"squid-3.1-14.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"squid-cachemgr-3.1-14.2mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:15:44", "bulletinFamily": "scanner", "description": "This update of squid3 fixes a buffer overflow vulnerability in the Gopher reply parser code. (CVE-2011-3205)", "modified": "2013-10-25T00:00:00", "id": "SUSE_11_SQUID3-110902.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57134", "published": "2011-12-13T00:00:00", "title": "SuSE 11.1 Security Update : squid3 (SAT Patch Number 5095)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57134);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:56:04 $\");\n\n script_cve_id(\"CVE-2011-3205\");\n\n script_name(english:\"SuSE 11.1 Security Update : squid3 (SAT Patch Number 5095)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of squid3 fixes a buffer overflow vulnerability in the\nGopher reply parser code. (CVE-2011-3205)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=715171\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3205.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5095.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:squid3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"squid3-3.1.12-8.8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:15:21", "bulletinFamily": "scanner", "description": "Upstream 3.1.15 release fixing a buffer overflow issue in gopher:// processing (SQUID-2011:3)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-07-12T00:00:00", "id": "FEDORA_2011-11854.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56138", "published": "2011-09-09T00:00:00", "title": "Fedora 14 : squid-3.1.15-1.fc14 (2011-11854)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-11854.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56138);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/12 15:01:52\");\n\n script_cve_id(\"CVE-2011-3205\");\n script_bugtraq_id(49356);\n script_xref(name:\"FEDORA\", value:\"2011-11854\");\n\n script_name(english:\"Fedora 14 : squid-3.1.15-1.fc14 (2011-11854)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream 3.1.15 release fixing a buffer overflow issue in gopher://\nprocessing (SQUID-2011:3)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=734584\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cdfb6455\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected squid package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:squid\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"squid-3.1.15-1.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"squid\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:21:54", "bulletinFamily": "scanner", "description": "This update of squid3 fixes a buffer overflow vulnerability in the Gopher reply parser code (CVE-2011-3205).", "modified": "2018-11-10T00:00:00", "id": "SUSE_11_4_SQUID3-110902.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76030", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : squid3 (openSUSE-SU-2011:1018-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update squid3-5094.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76030);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:50:00\");\n\n script_cve_id(\"CVE-2011-3205\");\n\n script_name(english:\"openSUSE Security Update : squid3 (openSUSE-SU-2011:1018-1)\");\n script_summary(english:\"Check for the squid3-5094 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of squid3 fixes a buffer overflow vulnerability in the\nGopher reply parser code (CVE-2011-3205).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=715171\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-09/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected squid3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:squid3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:squid3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:squid3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"squid3-3.1.11-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"squid3-debuginfo-3.1.11-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"squid3-debugsource-3.1.11-4.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"squid3 / squid3-debuginfo / squid3-debugsource\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:21:48", "bulletinFamily": "scanner", "description": "This update of squid3 fixes a buffer overflow vulnerability in the Gopher reply parser code (CVE-2011-3205).", "modified": "2018-11-10T00:00:00", "id": "SUSE_11_3_SQUID3-110902.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75747", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : squid3 (openSUSE-SU-2011:1018-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update squid3-5094.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75747);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:49:59\");\n\n script_cve_id(\"CVE-2011-3205\");\n\n script_name(english:\"openSUSE Security Update : squid3 (openSUSE-SU-2011:1018-1)\");\n script_summary(english:\"Check for the squid3-5094 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of squid3 fixes a buffer overflow vulnerability in the\nGopher reply parser code (CVE-2011-3205).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=715171\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-09/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected squid3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:squid3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"squid3-3.0.STABLE25-2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"squid3\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:15:22", "bulletinFamily": "scanner", "description": "According to its banner, the version of Squid running on the remote host is 3.x prior to 3.0.STABLE26 / 3.1.15 / 3.2.0.11. It reportedly contains a buffer overflow when parsing responses from Gopher servers that results in memory corruption and usually causes the Squid server itself to crash.\n\nNote that Nessus has relied only on the version in the proxy server's banner, which is not updated by either of the patches the project has released to address the issue. If one of those has been applied properly and the service is restarted, consider this to be a false positive.", "modified": "2018-07-30T00:00:00", "id": "SQUID_3_2_0_11.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56215", "published": "2011-09-16T00:00:00", "title": "Squid 3.x < 3.0.STABLE26 / 3.1.15 / 3.2.0.11 Gopher Buffer Overflow", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56215);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/30 15:31:32\");\n\n script_cve_id(\"CVE-2011-3205\");\n script_bugtraq_id(49356);\n\n script_name(english:\"Squid 3.x < 3.0.STABLE26 / 3.1.15 / 3.2.0.11 Gopher Buffer Overflow\");\n script_summary(english:\"Checks version of Squid\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote proxy server is affected by a buffer overflow.\");\n\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Squid running on the remote\nhost is 3.x prior to 3.0.STABLE26 / 3.1.15 / 3.2.0.11. It reportedly\ncontains a buffer overflow when parsing responses from Gopher servers\nthat results in memory corruption and usually causes the Squid server\nitself to crash.\n\nNote that Nessus has relied only on the version in the proxy server's\nbanner, which is not updated by either of the patches the project has\nreleased to address the issue. If one of those has been applied\nproperly and the service is restarted, consider this to be a false\npositive.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.squid-cache.org/Advisories/SQUID-2011_3.txt\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Squid version 3.0.STABLE26 / 3.1.15 / 3.2.0.11 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/16\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:squid-cache:squid\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"squid_version.nasl\");\n script_require_keys(\"www/squid\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/http_proxy\", 3128, 8080);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# Build a list of ports from the\nlist = get_kb_list(\"http_proxy/*/squid/version\");\nif (isnull(list)) exit(0, \"The host does not appear to be running a Squid proxy server.\");\n\nvulnerable = FALSE;\nforeach item (keys(list))\n{\n port = ereg_replace(pattern:'^http_proxy/([0-9]+)/squid/version', replace:'\\\\1', string:item);\n version = list[item];\n\n if (\n (version =~ '^3\\\\.0\\\\.(RC|PRE)[0-9]') ||\n (version =~ '^3\\\\.0\\\\.STABLE([0-9]|1[0-9]|2[0-5])([^0-9]|$)') ||\n (version =~ '^3\\\\.1\\\\.([0-9]|1[0-4])([^0-9]|$)') ||\n (version =~ '^3\\\\.2\\\\.0\\\\.([0-9]|10)([^0-9]|$)')\n )\n {\n vulnerable = TRUE;\n if (report_verbosity > 0)\n {\n source = get_kb_item('http_proxy/'+port+'/squid/source');\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 3.0.STABLE26 / 3.1.15 / 3.2.0.11' + '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port:port);\n }\n}\nif (!vulnerable)\n{\n exit(0, \"No vulnerable Squid installs were detected on the remote host.\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:17:19", "bulletinFamily": "scanner", "description": "Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.\n\nA buffer overflow flaw was found in the way Squid parsed replies from remote Gopher servers. A remote user allowed to send Gopher requests to a Squid proxy could possibly use this flaw to cause the squid child process to crash or execute arbitrary code with the privileges of the squid user, by making Squid perform a request to an attacker-controlled Gopher server.\n\nUsers of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically.", "modified": "2018-12-31T00:00:00", "id": "SL_20110914_SQUID_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61135", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : squid on SL6.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61135);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/12/31 11:35:00\");\n\n script_cve_id(\"CVE-2011-3205\");\n\n script_name(english:\"Scientific Linux Security Update : squid on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Squid is a high-performance proxy caching server for web clients,\nsupporting FTP, Gopher, and HTTP data objects.\n\nA buffer overflow flaw was found in the way Squid parsed replies from\nremote Gopher servers. A remote user allowed to send Gopher requests\nto a Squid proxy could possibly use this flaw to cause the squid child\nprocess to crash or execute arbitrary code with the privileges of the\nsquid user, by making Squid perform a request to an\nattacker-controlled Gopher server.\n\nUsers of squid should upgrade to this updated package, which contains\na backported patch to correct this issue. After installing this\nupdate, the squid service will be restarted automatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1109&L=scientific-linux-errata&T=0&P=2201\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9adada2a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected squid and / or squid-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"squid-3.1.10-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"squid-debuginfo-3.1.10-1.el6_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:15:21", "bulletinFamily": "scanner", "description": "Ben Hawkes discovered that Squid 3, a full featured Web Proxy cache (HTTP proxy), is vulnerable to a buffer overflow when processing Gopher server replies. An attacker can exploit this flaw by connecting to a Gopher server that returns lines longer than 4096 bytes. This may result in denial of service conditions (daemon crash) or the possibly the execution of arbitrary code with rights of the squid daemon.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-2304.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56143", "published": "2011-09-12T00:00:00", "title": "Debian DSA-2304-1 : squid3 - buffer overflow", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2304. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56143);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/10 11:49:35\");\n\n script_cve_id(\"CVE-2011-3205\");\n script_bugtraq_id(49356);\n script_xref(name:\"DSA\", value:\"2304\");\n\n script_name(english:\"Debian DSA-2304-1 : squid3 - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ben Hawkes discovered that Squid 3, a full featured Web Proxy cache\n(HTTP proxy), is vulnerable to a buffer overflow when processing\nGopher server replies. An attacker can exploit this flaw by connecting\nto a Gopher server that returns lines longer than 4096 bytes. This may\nresult in denial of service conditions (daemon crash) or the possibly\nthe execution of arbitrary code with rights of the squid daemon.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/squid3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2304\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the squid3 packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 3.0.STABLE8-3+lenny5.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.1.6-1.2+squeeze1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squid3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"squid3\", reference:\"3.0.STABLE8-3+lenny5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"squid-cgi\", reference:\"3.1.6-1.2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"squid3\", reference:\"3.1.6-1.2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"squid3-common\", reference:\"3.1.6-1.2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"squid3-dbg\", reference:\"3.1.6-1.2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"squidclient\", reference:\"3.1.6-1.2+squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:14:23", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA-2304-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nSep 11, 2011 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : squid3\nVulnerability : buffer overflow\nProblem type : remote\nDebian-specific: no\nDebian bug : 639755\nCVE IDs : CVE-2011-3205\n\nBen Hawkes discovered that squid3, a full featured Web Proxy cache\n(HTTP proxy), is vulnerable to a buffer overflow when processing gopher\nserver replies. An attacker can exploit this flaw by connecting to a\ngopher server that returns lines longer than 4096 bytes. This may result\nin denial of service conditions (daemon crash) or the possibly the\nexecution of arbitrary code with rights of the squid daemon.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 3.0.STABLE8-3+lenny5.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.1.6-1.2+squeeze1.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 3.1.15-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.1.15-1.\n\nWe recommend that you upgrade your squid3 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2011-09-11T18:09:08", "published": "2011-09-11T18:09:08", "id": "DEBIAN:DSA-2304-1:96DC3", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00183.html", "title": "[SECURITY] [DSA 2304-1] squid3 security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:49:12", "bulletinFamily": "unix", "description": "[7:3.1.10-1.el6_1.1]\n- Resolves: #735447 - CVE-2011-3205 squid: buffer overflow flaw in Squid's Gopher reply parser", "modified": "2011-09-14T00:00:00", "published": "2011-09-14T00:00:00", "id": "ELSA-2011-1293", "href": "http://linux.oracle.com/errata/ELSA-2011-1293.html", "title": "squid security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:42", "bulletinFamily": "unix", "description": "### Background\n\nSquid is a full-featured web proxy cache. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Squid. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nRemote unauthenticated attackers may be able to execute arbitrary code with the privileges of the Squid process or cause a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll squid users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-proxy/squid-3.1.15\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 4, 2011. It is likely that your system is already no longer affected by this issue.", "modified": "2011-10-26T00:00:00", "published": "2011-10-26T00:00:00", "id": "GLSA-201110-24", "href": "https://security.gentoo.org/glsa/201110-24", "type": "gentoo", "title": "Squid: Multiple vulnerabilities", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}