FreeBSD : squid -- buffer overflow in WCCP recvfrom() call (23fb5a04-722b-11d9-9e1e-c296ac722cb3)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

According to the Squid Proxy Cache Security Update Advisory
SQUID-2005:3,

The WCCP recvfrom() call accepts more data than will fit in the
allocated buffer. An attacker may send a larger-than-normal WCCP
message to Squid and overflow this buffer.

Severity :

The bug is important because it allows remote attackers to crash
Squid, causing a disription in service. However, the bug is
exploitable only if you have configured Squid to send WCCP messages
to, and expect WCCP replies from, a router.

Sites that do not use WCCP are not vulnerable.

Note that while the default configuration of the FreeBSD squid port
enables WCCP support in general, the default configuration supplied
does not actually configure squid to send and receive WCCP messages.

See also :

http://www.squid-cache.org/Advisories/SQUID-2005_3.txt
http://www.nessus.org/u?2018e6af
http://bugs.squid-cache.org/show_bug.cgi?id=1217
http://www.nessus.org/u?275535b9

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 18872 (freebsd_pkg_23fb5a04722b11d99e1ec296ac722cb3.nasl)

Bugtraq ID:

CVE ID: CVE-2005-0211

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now