Squid 3.x < 3.5.17 / 4.x < 4.0.9 Esi.cc Multiple Vulnerabilities

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote proxy server is affected by multiple vulnerabilities.

Description :

According to its banner, the version of Squid running on the remote
host is 3.x prior to 3.5.17 or 4.x prior to 4.0.9. It is, therefore,
affected by multiple vulnerabilities :

- An assertion fault exists in file esi/Esi.cc that is
triggered when handling ESI responses. An
unauthenticated, remote attacker can exploit this, via
an HTTP server that uses specially crafted Edge Side
Includes (ESI), to cause a denial of service condition
or the execution of arbitrary code. (CVE-2016-4052)

- A flaw exists in file esi/Esi.cc due to improper
validation of user-supplied input when handling ESI
responses. An unauthenticated, remote attacker can
exploit this, via specially crafted ESI responses, to
disclose sensitive stack layout information.
(CVE-2016-4053)

- A buffer overflow condition exists in file esi/Esi.cc
due to improper validation of user-supplied input when
handling ESI responses. An unauthenticated, remote
attacker can exploit this, via specially crafted ESI
responses, to cause a denial of service condition
or the execution of arbitrary code. (CVE-2016-4054)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
Furthermore, the patch released to address these issues does not
update the version given in the banner. If the patch has been applied
properly, and the service has been restarted, then consider this to be
a false positive.

See also :

http://www.squid-cache.org/Advisories/
http://www.squid-cache.org/Advisories/SQUID-2016_6.txt

Solution :

Upgrade to Squid version 3.5.17 / 4.0.9 or later. Alternatively, apply
the vendor-supplied patch.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Firewalls

Nessus Plugin ID: 91193

Bugtraq ID:

CVE ID: CVE-2016-4052
CVE-2016-4053
CVE-2016-4054
