Squid < 2.5.STABLE8 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 2537

Synopsis

The remote proxy server is missing a critical security patch or upgrade.

Description

The remote Squid caching proxy, according to its version number, is vulnerable to several security flaws :

- There is a buffer overflow issue when handling the reply of a rogue gopher site. To exploit this issue, an attacker would need to use the remote proxy to visit a specially setup gopher site generating malformed replies

- There is a denial of service vulnerability in the WCCP code of the remote proxy. To exploit this flaw, an attacker would need to guess the IP of the WCCP router used by the proxy and spoof a malformed UDP packet using the router IP address. There are several flaws in the way that the Squid proxy caches pages.
An attacker exploiting these flaws would be able to poison the Squid
cache.

Solution

Upgrade to Squid 2.5.STABLE8 or higher.

See Also

http://www.squid-cache.org/Versions/v2/2.5/bugs

Plugin Details

Severity: Medium

ID: 2537

Family: Web Servers

Published: 1/19/2005

Updated: 3/6/2019

Nessus ID: 16190

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 5.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:squid-cache:squid

Patch Publication Date: 5/2/2005

Vulnerability Publication Date: 5/2/2005

Reference Information

CVE: CVE-2005-0094, CVE-2005-0095, CVE-2005-0173, CVE-2005-0174, CVE-2005-0175, CVE-2005-0211, CVE-2005-0241

BID: 12276, 12412, 12431, 12432, 12433, 12275, 13434, 13435