Squid cachemgr.cgi Proxied Port Scanning

high Nessus Plugin ID 10034

Synopsis

The remote web server contains a CGI application that has no access restrictions.

Description

Red Hat Linux 6.0 installs by default a Squid cache manager CGI script (cachemgr.cgi) with no access restrictions. This script could be used to perform a port scan from the machine hosting the CGI.

Solution

If you are not using the box as a Squid www proxy/cache server then uninstall the package by executing :

/etc/rc.d/init.d/squid stop ; rpm -e squid

If you want to continue using the Squid proxy server software, take the following actions to tighten access to the manager interface :

mkdir /home/httpd/protected-cgi-bin
mv /home/httpd/cgi-bin/cachemgr.cgi /home/httpd/protected-cgi-bin/

And add the following directives to /etc/httpd/conf/access.conf and srm.conf :

--- start access.conf segment ---
# Protected cgi-bin directory for programs that
# should not have public access
<Directory /home/httpd/protected-cgi-bin>
order deny,allow
deny from all
allow from localhost
#allow from .your_domain.com
AllowOverride None
Options ExecCGI
</Directory>
--- end access.conf segment ---

--- start srm.conf segment ---
ScriptAlias /protected-cgi-bin/ /home/httpd/protected-cgi-bin/
--- end srm.conf segment ---
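
One way to verify the steps above on a host, as an added example that is not part of the Nessus plugin or the original advisory. It assumes the Red Hat paths given on this page and that the access.conf directives sit inside a `<Directory /home/httpd/protected-cgi-bin>` block with an unquoted path; the function name `audit_cachemgr` and its optional root-prefix argument are hypothetical.

```shell
#!/bin/sh
# Added example: audit for the cachemgr.cgi exposure and the fix above.
# Usage: audit_cachemgr            (live host)
#        audit_cachemgr /mnt/image (hypothetical mounted image or test tree)
audit_cachemgr() {
    root="${1:-}"
    prot="/home/httpd/protected-cgi-bin"
    access="$root/etc/httpd/conf/access.conf"
    status=0

    # 1. The script must be gone from the publicly served cgi-bin.
    if [ -e "$root/home/httpd/cgi-bin/cachemgr.cgi" ]; then
        echo "FAIL: cachemgr.cgi is still in /home/httpd/cgi-bin"
        status=1
    fi

    # 2. If it was moved, the new directory needs a deny-by-default block.
    if [ -e "$root$prot/cachemgr.cgi" ]; then
        # Collect the active (non-comment) directives inside the block.
        block=$(awk -v d="$prot" '
            tolower($1) == "<directory" && $2 == (d ">") { inside = 1; next }
            tolower($1) == "</directory>"                { inside = 0 }
            inside && $1 !~ /^#/                         { print tolower($0) }
        ' "$access" 2>/dev/null)
        # has PATTERN: true if a whole directive line matches PATTERN.
        has() { printf '%s\n' "$block" | grep -Eq "^[[:space:]]*$1[[:space:]]*\$"; }

        has 'order[[:space:]]+deny,allow' ||
            { echo "FAIL: no 'order deny,allow' for $prot"; status=1; }
        has 'deny[[:space:]]+from[[:space:]]+all' ||
            { echo "FAIL: no 'deny from all' for $prot"; status=1; }
        # With 'order deny,allow', an 'allow from all' overrides the deny.
        if has 'allow[[:space:]]+from[[:space:]]+all'; then
            echo "FAIL: 'allow from all' reopens $prot"
            status=1
        fi
    fi

    [ "$status" -eq 0 ] && echo "OK: cachemgr.cgi is not publicly reachable per these checks"
    return "$status"
}
```

The function returns 0 when Squid's CGI is absent or correctly restricted and 1 otherwise, so it can gate a configuration-management run.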

See Also

https://seclists.org/bugtraq/1999/Jul/183

Plugin Details

Severity: High

ID: 10034

File Name: cachemgr_cgi.nasl

Version: 1.35

Type: remote

Family: CGI abuses

Published: 8/22/1999

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.1

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 7/23/1999

Reference Information

CVE: CVE-1999-0710

BID: 2059