Detections
Analytics

FreeBSD : squid -- TLS/SSL parser denial of service vulnerability (d3a98c2d-5da1-11e5-9909-002590263bf5)

high Nessus Plugin ID 85996

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Amos Jeffries, release manager of the Squid-3 series, reports :

Vulnerable versions are 3.5.0.1 to 3.5.8 (inclusive), which are built with OpenSSL and configured for 'SSL-Bump' decryption.

Integer overflows can lead to invalid pointer math reading from random memory on some CPU architectures. In the best case this leads to wrong TLS extensions being used for the client, worst-case a crash of the proxy terminating all active transactions.

Incorrect message size checks and assumptions about the existence of TLS extensions in the SSL/TLS handshake message can lead to very high CPU consumption (up to and including 'infinite loop' behaviour).

The above can be triggered remotely. Though there is one layer of authorization applied before this processing to check that the client is allowed to use the proxy, that check is generally weak. MS Skype on Windows XP is known to trigger some of these.

The FreeBSD port does not use SSL by default and is not vulnerable in the default configuration.

Solution

Update the affected package.

See Also

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203186

http://www.squid-cache.org/Advisories/SQUID-2015_3.txt

https://www.openwall.com/lists/oss-security/2015/09/18/1

http://www.nessus.org/u?e22c51e1

Plugin Details

Severity: High

ID: 85996

File Name: freebsd_pkg_d3a98c2d5da111e59909002590263bf5.nasl

Version: 2.7

Type: local

Published: 9/18/2015

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:squid, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 9/18/2015

Vulnerability Publication Date: 9/18/2015