Squid SNMP Module asn_parse_header() Function Remote DoS

medium Nessus Plugin ID 15463

Synopsis

The remote proxy server is prone to a denial of service attack.

Description

The remote Squid caching proxy, according to its version number, may be vulnerable to a remote denial of service attack.

This flaw is caused due to an input validation error in the SNMP module, and exploitation requires that Squid not only was built to support it but also configured to use it.

An attacker can exploit this flaw to crash the server with a specially crafted UDP packet.

Note that Nessus reports this vulnerability using only the version number in Squid's banner, so this might be a false positive.

Solution

Upgrade to squid 2.5.STABLE7 / squid 3.0.STABLE7 or later.

See Also

http://www.nessus.org/u?02d8db5a

Plugin Details

Severity: Medium

ID: 15463

File Name: squid_rdos.nasl

Version: 1.31

Type: remote

Family: Firewalls

Published: 10/12/2004

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:squid-cache:squid

Required KB Items: Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 2/11/2005

Vulnerability Publication Date: 10/5/2004

Reference Information

CVE: CVE-2004-0918

BID: 11385

CWE: 399