Executive Summary
Summary | |
---|---|
Title | squid security and bug fix update |
Informations | |||
---|---|---|---|
Name | RHSA-2010:0221 | First vendor Publication | 2010-03-30 |
Vendor | RedHat | Last vendor Modification | 2010-03-30 |
Severity (Vendor) | Low | Revision | 04 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An updated squid package that fixes two security issues and several bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A flaw was found in the way Squid processed certain external ACL helper HTTP header fields that contained a delimiter that was not a comma. A remote attacker could issue a crafted request to the Squid server, causing excessive CPU use (up to 100%). (CVE-2009-2855) Note: The CVE-2009-2855 issue only affected non-default configurations that use an external ACL helper script. A flaw was found in the way Squid handled truncated DNS replies. A remote attacker able to send specially-crafted UDP packets to Squid's DNS client port could trigger an assertion failure in Squid's child process, causing that child process to exit. (CVE-2010-0308) This update also fixes the following bugs: * Squid's init script returns a non-zero value when trying to stop a stopped service. This is not LSB compliant and can generate difficulties in cluster environments. This update makes stopping LSB compliant. (BZ#521926) * Squid is not currently built to support MAC address filtering in ACLs. This update includes support for MAC address filtering. (BZ#496170) * Squid is not currently built to support Kerberos negotiate authentication. This update enables Kerberos authentication. (BZ#516245) * Squid does not include the port number as part of URIs it constructs when configured as an accelerator. This results in a 403 error. This update corrects this behavior. (BZ#538738) * the error_map feature does not work if the same handling is set also on the HTTP server that operates in deflate mode. This update fixes this issue. (BZ#470843) All users of squid should upgrade to this updated package, which resolves these issues. After installing this update, the squid service will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 496170 - Add arp filter option 516245 - negotiate support not enabled in squid (for kerberized sso) 518182 - CVE-2009-2855 DoS (100% CPU use) while processing certain external ACL helper HTTP headers 521926 - squid 'stop after stop' is not LSB compliant 538738 - Squid accelerator mode works only if port 80 is opened 556389 - CVE-2010-0308 squid: temporary DoS (assertion failure) triggered by truncated DNS packet (SQUID-2010:1) |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2010-0221.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10592 | |||
Oval ID: | oval:org.mitre.oval:def:10592 | ||
Title: | The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function. | ||
Description: | The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2855 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:11270 | |||
Oval ID: | oval:org.mitre.oval:def:11270 | ||
Title: | lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header. | ||
Description: | lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0308 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:13267 | |||
Oval ID: | oval:org.mitre.oval:def:13267 | ||
Title: | DSA-1991-1 squid/squid3 -- denial of service | ||
Description: | Two denial of service vulnerabilities have been discovered in squid and squid3, a web proxy. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2855 Bastian Blank discovered that it is possible to cause a denial of service via a crafted auth header with certain comma delimiters. CVE-2010-0308 Tomas Hoger discovered that it is possible to cause a denial of service via invalid DNS header-only packets. For the stable distribution, these problems have been fixed in version 2.7.STABLE3-4.1lenny1 of the squid package and version 3.0.STABLE8-3+lenny3 of the squid3 package. For the oldstable distribution, these problems have been fixed in version 2.6.5-6etch5 of the squid package and version 3.0.PRE5-5+etch2 of the squid3 package. For the testing distribution and the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your squid/squid3 packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1991-1 CVE-2009-2855 CVE-2010-0308 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | squid/squid3 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13281 | |||
Oval ID: | oval:org.mitre.oval:def:13281 | ||
Title: | USN-901-1 -- squid vulnerabilities | ||
Description: | It was discovered that Squid incorrectly handled certain auth headers. A remote attacker could exploit this with a specially-crafted auth header and cause Squid to go into an infinite loop, resulting in a denial of service. This issue only affected Ubuntu 8.10, 9.04 and 9.10. It was discovered that Squid incorrectly handled certain DNS packets. A remote attacker could exploit this with a specially-crafted DNS packet and cause Squid to crash, resulting in a denial of service | ||
Family: | unix | Class: | patch |
Reference(s): | USN-901-1 CVE-2009-2855 CVE-2010-0308 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 8.10 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | squid |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22197 | |||
Oval ID: | oval:org.mitre.oval:def:22197 | ||
Title: | RHSA-2010:0221: squid security and bug fix update (Low) | ||
Description: | lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0221-04 CVE-2009-2855 CVE-2010-0308 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | squid |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22519 | |||
Oval ID: | oval:org.mitre.oval:def:22519 | ||
Title: | ELSA-2010:0221: squid security and bug fix update (Low) | ||
Description: | lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0221-04 CVE-2009-2855 CVE-2010-0308 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | squid |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28087 | |||
Oval ID: | oval:org.mitre.oval:def:28087 | ||
Title: | DEPRECATED: ELSA-2010-0221 -- squid security and bug fix update (low) | ||
Description: | [7:2.6.STABLE21-6] - Resolves: #561828 - CVE-2009-2855 CVE-2010-0308 squid various flaws [rhel-5.5] [7:2.6.STABLE21-5] - Resolves: #538738 - improved patch [7:2.6.STABLE21-4] - Resolves: #521926 - squid 'stop after stop' is not LSB compliant - Resolves: #496170 - Add arp filter option - Resolves: #516245 - negotiate support not enabled in squid - Resolves: #538738 - Squid accelerator mode works only if port 80 is opened - Resolves: #470843 - Squid 'error_map' does not work when used 'Accep-Encoding: gzip' | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0221 CVE-2010-0308 CVE-2009-2855 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | squid |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7325 | |||
Oval ID: | oval:org.mitre.oval:def:7325 | ||
Title: | DSA-1991 squid/squid3 -- denial of service | ||
Description: | Two denial of service vulnerabilities have been discovered in squid and squid3, a web proxy. The Common Vulnerabilities and Exposures project identifies the following problems: Bastian Blank discovered that it is possible to cause a denial of service via a crafted auth header with certain comma delimiters. Tomas Hoger discovered that it is possible to cause a denial of service via invalid DNS header-only packets. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1991 CVE-2009-2855 CVE-2010-0308 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | squid/squid3 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-24 (Squid) File : nvt/glsa_201110_24.nasl |
2010-04-06 | Name : RedHat Update for squid RHSA-2010:0221-04 File : nvt/gb_RHSA-2010_0221-04_squid.nasl |
2010-03-22 | Name : Fedora Update for squid FEDORA-2010-2434 File : nvt/gb_fedora_2010_2434_squid_fc11.nasl |
2010-02-19 | Name : Ubuntu Update for squid vulnerabilities USN-901-1 File : nvt/gb_ubuntu_USN_901_1.nasl |
2010-02-10 | Name : Debian Security Advisory DSA 1991-1 (squid/squid3) File : nvt/deb_1991_1.nasl |
2010-02-10 | Name : FreeBSD Ports: squid File : nvt/freebsd_squid24.nasl |
2010-02-08 | Name : Mandriva Update for squid MDVSA-2010:033 (squid) File : nvt/gb_mandriva_MDVSA_2010_033.nasl |
2010-02-08 | Name : Squid 'lib/rfc1035.c' Denial Of Service Vulnerability File : nvt/gb_squid_dos_vuln_feb10.nasl |
2010-01-15 | Name : Mandriva Update for squid MDVSA-2009:241-1 (squid) File : nvt/gb_mandriva_MDVSA_2009_241_1.nasl |
2010-01-04 | Name : BigAnt IM Server 'USV' Request Buffer Overflow Vulnerability File : nvt/BigAnt_37522.nasl |
2010-01-04 | Name : Squid Header-Only Packets Remote Denial of Service Vulnerability File : nvt/squid_37522.nasl |
2009-09-28 | Name : Mandrake Security Advisory MDVSA-2009:241 (squid) File : nvt/mdksa_2009_241.nasl |
2009-08-24 | Name : Squid External Auth Header Parser DOS Vulnerabilities File : nvt/secpod_squid_dos_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62044 | Squid lib/rfc1035.c Header-only DNS Packet Handling Remote DoS |
57193 | Squid src/HttpHeaderTools.c strListGetItem Function Remote DoS |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Squid strListGetItem denial of service attempt RuleID : 15994 - Revision : 14 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100330_squid_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2011-10-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-24.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_squid-6931.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0221.nasl - Type : ACT_GATHER_INFO |
2010-03-23 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_squid-6930.nasl - Type : ACT_GATHER_INFO |
2010-03-23 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_squid-100316.nasl - Type : ACT_GATHER_INFO |
2010-03-23 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12597.nasl - Type : ACT_GATHER_INFO |
2010-03-23 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_squid-100316.nasl - Type : ACT_GATHER_INFO |
2010-03-23 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_squid-100318.nasl - Type : ACT_GATHER_INFO |
2010-03-23 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_squid-100318.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1991.nasl - Type : ACT_GATHER_INFO |
2010-02-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-901-1.nasl - Type : ACT_GATHER_INFO |
2010-02-07 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-033.nasl - Type : ACT_GATHER_INFO |
2010-02-05 | Name : The remote proxy server is prone to a denial of service attack. File : squid_auth_header_dos.nasl - Type : ACT_GATHER_INFO |
2010-02-02 | Name : The remote proxy server is prone to a denial of service attack. File : squid_3_0_23.nasl - Type : ACT_GATHER_INFO |
2010-02-02 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_296ecb590f6b11df8bab0019996bc1f7.nasl - Type : ACT_GATHER_INFO |
2010-01-12 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-241.nasl - Type : ACT_GATHER_INFO |
2009-11-16 | Name : The remote backup client is susceptible to multiple attacks. File : ibm_tsm_client_swg21405562.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:53:23 |
|