FreeBSD : squid -- remote DoS in HTTP response processing (660ebbf5-daeb-11e5-b2bd-002590263bf5)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Squid security advisory 2016:2 reports :

Due to incorrect bounds checking Squid is vulnerable to a denial of
service attack when processing HTTP responses.

These problems allow remote servers delivering certain unusual HTTP
response syntax to trigger a denial of service for all clients
accessing the Squid service.

HTTP responses containing malformed headers that trigger this issue
are becoming common. We are not certain at this time if that is a sign
of malware or just broken server scripting.

See also :

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207454
http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
http://www.openwall.com/lists/oss-security/2016/02/24/12
http://www.nessus.org/u?b33f7aff

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 88944 ()

Bugtraq ID:

CVE ID: CVE-2016-2569
CVE-2016-2570
CVE-2016-2571

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now