oss-sec mailing list archives
CVE Request: Squid HTTP Caching Proxy multiple issues
From: Amos Jeffries <squid3 () treenet co nz>
Date: Thu, 21 Apr 2016 02:29:26 +1200
Hi,

several vulnerabilities have been reported in Squid proxy.

A buffer overflow in the cachemgr.cgi tool reported by CESG (CESG REF: 56397140 / VULNERABILITY ID: 394201) allows remote clients to perform an indirect denial of service attack on the proxy administrator. It could be used trivially to hide other activities from inspection. Or be used to perform remote code execution on systems without overflow protection.

This bug was also independently reported by Yuriy M. Kaminskiy.

The cachemgr.cgi tool is vulnerable when built from: Squid-3.x up to and including 3.5.16, Squid-4.x up to and including 4.0.8, and Squid-2.x all versions.

Upstream report will be at:
<http://www.squid-cache.org/Advisories/SQUID-2016_5.txt>

Patches at:
<http://www.squid-cache.org/Versions/v4/changesets/squid-4-14643.patch>
<http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_5.patch>
<http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_5.patch>
<http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_5.patch>
<http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_5.patch>

Multiple on-stack buffer overflows from incorrect bounds calculation in Squid ESI processing have been reported by CESG (CESG REF: 56284998 / VULNERABILITY ID: 393536) which allow remote code execution or denial of service, depending on the OS overflow protections which are active.

Further investigation has found that when compiler optimization is applied, incorrect use of assert() leads to information disclosure of stack contents to remote clients and a second buffer overflow leads to further remote code execution possibilities.

Squid-2.x are not vulnerable. Squid-3.x up to and including 3.5.16, Squid-4.x up to and including 4.0.8, when built with --enable-esi and used for either CDN reverse-proxy or TLS MITM are vulnerable.

Upstream report will be at:
<http://www.squid-cache.org/Advisories/SQUID-2016_6.txt>

Patches at:
<http://www.squid-cache.org/Versions/v4/changesets/squid-4-14648.patch>
<http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch>
<http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch>
<http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12697.patch>
<http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11841.patch>

PS. Some of our mirrors may not be updated for up to 24hrs. The "www." in URLs can be replaced with "west." to fetch from a more up to date mirror directly if one has trouble.

Amos Jeffries
Squid Software Foundation
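Added example, not part of the original message and not Squid project code: a check of `squid -v` output against the affected ranges stated in the message above. The sample output is constructed; the check assumes cachemgr.cgi was built from the same release as the squid binary, and it cannot tell whether the proxy is deployed as a CDN reverse-proxy or for TLS MITM.

```python
import re
import shlex

# Last affected release per branch, as stated in the message above.
LAST_AFFECTED = {3: (3, 5, 16), 4: (4, 0, 8)}

# Constructed sample of `squid -v` output (not from a real host).
SAMPLE = """Squid Cache: Version 3.5.12
Service Name: squid
configure options:  '--prefix=/usr' '--enable-esi' '--with-openssl'
"""


def parse_squid_v(text):
    """Return ((major, minor, patch), [configure options])."""
    m = re.search(r"Version\s+(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError("no Squid version line found")
    version = tuple(int(g or 0) for g in m.groups())
    opts = re.search(r"^configure options:(.*)$", text, re.MULTILINE)
    options = shlex.split(opts.group(1)) if opts else []
    return version, options


def check(text):
    """Map each advisory named in the message to True if the build is in range."""
    version, options = parse_squid_v(text)
    major = version[0]
    in_range = major in LAST_AFFECTED and version <= LAST_AFFECTED[major]
    # Only the presence of the flag is checked; '--enable-esi=no' counts as off.
    esi = any(o.split("=")[0] == "--enable-esi" and not o.endswith("=no")
              for o in options)
    return {
        "SQUID-2016_5": major == 2 or in_range,  # cachemgr.cgi; all of 2.x
        "SQUID-2016_6": in_range and esi,        # ESI; 2.x not vulnerable
    }


if __name__ == "__main__":
    for advisory, hit in check(SAMPLE).items():
        print(advisory, "affected" if hit else "not in affected range")
```
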