FreeBSD : squid -- possible cache-poisoning via malformed HTTP responses (b4d94fa0-6e38-11d9-9e1e-c296ac722cb3)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The squid patches page notes :

This patch makes Squid considerably stricter while parsing the HTTP
protocol.

- A Content-length header should only appear once in a valid request
or response. Multiple Content-length headers, in conjunction with
specially crafted requests, may allow Squid's cache to be poisoned
with bad content in certain situations.

- CR characters is only allowed as part of the CR NL line terminator,
not alone. This to ensure that all involved agrees on the structure of
HTTP headers.

- Rejects requests/responses that have whitespace in an HTTP header
name.

To enable these strict parsing rules, update to at least squid-2.5.7_9
and specify relaxed_header_parser off in squid.conf.

See also :

http://www.nessus.org/u?f705228c
http://www.nessus.org/u?fdd845bf

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 19089 (freebsd_pkg_b4d94fa06e3811d99e1ec296ac722cb3.nasl)

Bugtraq ID:

CVE ID: CVE-2005-0174

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now