High Nessus Plugin ID 16372
SynopsisThe remote host is missing a vendor-supplied security patch
DescriptionThe remote host is missing the patch for the advisory SUSE-SA:2005:006 (squid).
Squid is a feature-rich web-proxy with support for various web-related protocols.
The last two squid updates from February the 1st and 10th fix several vulnerabilities. The impact of them range from remote denial-of-service over cache poisoning to possible remote command execution.
Due to the hugh amount of bugs the vulnerabilities are just summarized here.
CVE-2005-0094 A buffer overflow in the Gopher responses parser leads to memory corruption and usually crash squid.
CVE-2005-0095 An integer overflow in the receiver of WCCP (Web Cache Communication Protocol) messages can be exploited remotely by sending a specially crafted UDP datagram to crash squid.
CVE-2005-0096 A memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial-of-service due to uncontrolled memory consumption.
CVE-2005-0097 The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a crash od squid by sending a malformed NTLM message.
CVE-2005-0173 LDAP handles search filters very laxly. This behaviour can be abused to log in using several variants of a login name, possibly bypassing explicit access controls or confusing accounting.
CVE-2005-0175 and CVE-2005-0174 Minor problems in the HTTP header parsing code that can be used for cache poisoning.
CVE-2005-0211 A buffer overflow in the WCCP handling code in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial-of-service and possibly execute arbitrary code by using a long WCCP packet.
CVE-2005-0241 The httpProcessReplyHeader function in Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling 'oversized' HTTP reply headers. The impact is unknown.