FreeBSD : squid -- TLS/SSL parser denial of service vulnerability (d3a98c2d-5da1-11e5-9909-002590263bf5)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Amos Jeffries, release manager of the Squid-3 series, reports :

Vulnerable versions are 3.5.0.1 to 3.5.8 (inclusive), which are built
with OpenSSL and configured for 'SSL-Bump' decryption.

Integer overflows can lead to invalid pointer math reading from random
memory on some CPU architectures. In the best case this leads to wrong
TLS extensions being used for the client, worst-case a crash of the
proxy terminating all active transactions.

Incorrect message size checks and assumptions about the existence of
TLS extensions in the SSL/TLS handshake message can lead to very high
CPU consumption (up to and including 'infinite loop' behaviour).

The above can be triggered remotely. Though there is one layer of
authorization applied before this processing to check that the client
is allowed to use the proxy, that check is generally weak. MS Skype on
Windows XP is known to trigger some of these.

The FreeBSD port does not use SSL by default and is not vulnerable in
the default configuration.

See also :

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203186
http://www.squid-cache.org/Advisories/SQUID-2015_3.txt
http://www.openwall.com/lists/oss-security/2015/09/18/1
http://www.nessus.org/u?a694fe47

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 85996 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now