Squid Proxy Cache Security Update Advisory SQUID-2018:2 (Linux)

Published: 2018-02-09 18:08:28
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Detection Type:
Remote Banner Unreliable

Solution Type:
Vendor Patch

Summary:
Squid is vulnerable to a denial-of-service attack when processing ESI responses. This NVT has been deprecated and merged into 'Squid Proxy Cache Security Update Advisory SQUID-2018:2' (OID: 1.3.6.1.4.1.25623.1.0.107297).

Detection Method:
Checks if a vulnerable version is present on the target host.

Technical Details:
Due to incorrect pointer handling, Squid is vulnerable to a denial-of-service attack when processing ESI responses or downloading intermediate CA certificates.

Impact:
This problem allows a remote server delivering certain ESI response syntax to trigger a denial of service for all clients accessing the Squid service.

Affected Versions:
Squid 3.x -> 3.5.27, Squid 4.x -> 4.0.22.

Recommendations:
Updated Packages: This bug is fixed by Squid version 4.0.23. In addition, patches addressing this problem for the stable releases can be found in our patch archives for Squid 3.5 and Squid 4. If you are using a Linux distribution packaged version of Squid, please refer to the Linux distribution package vendor for availability information on updated packages.

deprecated=1

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2018-1000027

References:

http://www.squid-cache.org/Advisories/SQUID-2018_2.txt
http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch

Severity:
Medium

CVSS Score:
5.0