SecurityTracker.com
Category:  Application (Generic)  >  Squid Vendors:  Squid-cache.org
(Debian Issues Fix) Squid SNMP Parsing Error Lets Remote Users Restart the Proxy Server
SecurityTracker Alert ID:  1011998
SecurityTracker URL:  http://securitytracker.com/id?1011998
CVE Reference:  CAN-2004-0918
Date:  Oct 29 2004
Impact:  Denial of service via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): 2.5-STABLE6, 3.0-PRE3-20040702; when compiled with SNMP support
Description:  iDEFENSE reported a vulnerability in Squid in the SNMP service. A remote user can cause denial of service conditions.

It is reported that a remote user can supply a specially crafted SNMP packet to trigger an ASN1 parsing error and cause Squid to restart, dropping all current connections.

The flaw resides in the asn_parse_header() function in 'snmplib/asn1.c'.

The system is affected if compiled with SNMP support.

The vendor was notified on September 15, 2004.

The original advisory is available at:

http://www.idefense.com/application/poi/display?id=152&type=vulnerabilities

Impact:  A remote user can cause the proxy services to restart.
Solution:  Debian has released a fix for the stable distribution (woody) in version 2.4.6-2woody4 and for the unstable distribution (sid) in version 2.5.7-1.

Debian GNU/Linux 3.0 alias woody:

Source archives:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4.dsc
Size/MD5 checksum: 612 ecf99211ec91dfb34bd6089ec9ae1b53
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4.diff.gz
Size/MD5 checksum: 226359 4e6ade338491ef8569035c4aecc855ef
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6.orig.tar.gz
Size/MD5 checksum: 1081920 59ce2c58da189626d77e27b9702ca228

Alpha architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_alpha.deb
Size/MD5 checksum: 814832 cca13d30e0f1f8910a07fa5ab70c861e
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_alpha.deb
Size/MD5 checksum: 75250 421fd4ee596d4c9993ba5f8778eaef2f
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_alpha.deb
Size/MD5 checksum: 59996 62c1544bce8c872e6c1b3fdce5e94475

ARM architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_arm.deb
Size/MD5 checksum: 724816 e2076225318e14b3c8bff10a40cdf7f9
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_arm.deb
Size/MD5 checksum: 73026 4bc2cc0d5d0d29992ffd1b9a82653e21
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_arm.deb
Size/MD5 checksum: 58332 408e227f29d0aa923044beedc3e7c92e

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_i386.deb
Size/MD5 checksum: 684008 0a09e40e20659cebdbab638f1cbc009b
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_i386.deb
Size/MD5 checksum: 72762 9e32b4f77446d9172b381f52f18a11eb
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_i386.deb
Size/MD5 checksum: 57912 5b8e0c713676845dc5a7263a44dd56cd

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_ia64.deb
Size/MD5 checksum: 952836 db5e0a6fc0863bdebbf579f957121da6
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_ia64.deb
Size/MD5 checksum: 79144 7b9eb001137d25be30d9b8400d6aee39
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_ia64.deb
Size/MD5 checksum: 62682 af3f6bdb3de9bdae20896f630eeb4b60

HP Precision architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_hppa.deb
Size/MD5 checksum: 778974 59f67088877baa7baf90e60a4f3317a6
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_hppa.deb
Size/MD5 checksum: 74462 118f494f5079eda3ba1b52d1462f4012
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_hppa.deb
Size/MD5 checksum: 59482 cbef83fb6fbb50ad47d318a821dc7358

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_m68k.deb
Size/MD5 checksum: 665202 51cc52fe2a265c63cbaed727fad15a99
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_m68k.deb
Size/MD5 checksum: 72378 07708d039b0cf46ee7c6628ad7e4bcbf
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_m68k.deb
Size/MD5 checksum: 57584 5102473e069bac195482ed6385def788

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_mips.deb
Size/MD5 checksum: 764682 62488f6104b371b6107b39b6b4bcaeda
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_mips.deb
Size/MD5 checksum: 73928 14f1391ec0888964efebe1ba7a11f220
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_mips.deb
Size/MD5 checksum: 58636 0123e6dba5c165033e3ce6dd60c8d89a

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_mipsel.deb
Size/MD5 checksum: 764144 8cb8b84931df0d8b271e5c2f8a010fb2
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_mipsel.deb
Size/MD5 checksum: 74030 ee3349da5a1634891ed67136c9989fc6
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_mipsel.deb
Size/MD5 checksum: 58736 75c8d8c7d15b149f3c0a1bdccae59df8

PowerPC architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_powerpc.deb
Size/MD5 checksum: 721856 283001554d7096f5ddc4126231ef6807
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_powerpc.deb
Size/MD5 checksum: 73014 4a6e19209a8dd04cdc74e474abeb16e5
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_powerpc.deb
Size/MD5 checksum: 58220 7424479351cd71563de79769b90911d1

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_s390.deb
Size/MD5 checksum: 711276 8cab4b4e4a1f89b36aac29fc59613c91
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_s390.deb
Size/MD5 checksum: 73348 d677789f48da35c39467674bc165065a
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_s390.deb
Size/MD5 checksum: 58784 f8d217932f607b381a17b5f798e3352a

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_sparc.deb
Size/MD5 checksum: 723958 41dce5c7e630c0b0ecedbed8acba2e7a
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_sparc.deb
Size/MD5 checksum: 75644 f4af52384e6190450d5fc46ca3b66a82
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_sparc.deb
Size/MD5 checksum: 60660 3a44a74fe3bcf2dd714f308cd4708a89

Vendor URL:  www.squid-cache.org/
Cause:  Exception handling error, Input validation error
Underlying OS:  Linux (Debian)
Underlying OS Comments:  3.0
Reported By:  joey@infodrom.org (Martin Schulze)
Message History:   This archive entry is a follow-up to the message listed below.
Oct 11 2004 Squid SNMP Parsing Error Lets Remote Users Restart the Proxy Server



Source Message Contents

Date:  Fri, 29 Oct 2004 07:41:12 +0200 (CEST)
From:  joey@infodrom.org (Martin Schulze)
Subject:  [SECURITY] [DSA 576-1] New Squid packages fix several vulnerabilities

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 576-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
October 29th, 2004                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : squid
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-1999-0710 CAN-2004-0918
Debian Bug     : 133131

Several security vulnerabilities have been discovered in Squid, the
internet object cache, the popular WWW proxy cache.  The Common
Vulnerabilities and Exposures project identifies the following
problems:

CVE-1999-0710

    It is possible to bypass access lists and scan arbitrary hosts and
    ports in the network through cachemgr.cgi, which is installed by
    default.  This update disables this feature and introduces a
    configuration file (/etc/squid/cachemgr.conf) to control
    this behavior.

CAN-2004-0918

    The asn_parse_header function (asn1.c) in the SNMP module for
    Squid allows remote attackers to cause a denial of service via
    certain SNMP packets with negative length fields that cause a
    memory allocation error.

For the stable distribution (woody) these problems have been fixed in
version 2.4.6-2woody4.

For the unstable distribution (sid) these problems have been fixed in
version 2.5.7-1.

We recommend that you upgrade your squid package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4.dsc
      Size/MD5 checksum:      612 ecf99211ec91dfb34bd6089ec9ae1b53
    http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4.diff.gz
      Size/MD5 checksum:   226359 4e6ade338491ef8569035c4aecc855ef
    http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6.orig.tar.gz
      Size/MD5 checksum:  1081920 59ce2c58da189626d77e27b9702ca228

  Alpha architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_alpha.deb
      Size/MD5 checksum:   814832 cca13d30e0f1f8910a07fa5ab70c861e
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_alpha.deb
      Size/MD5 checksum:    75250 421fd4ee596d4c9993ba5f8778eaef2f
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_alpha.deb
      Size/MD5 checksum:    59996 62c1544bce8c872e6c1b3fdce5e94475

  ARM architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_arm.deb
      Size/MD5 checksum:   724816 e2076225318e14b3c8bff10a40cdf7f9
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_arm.deb
      Size/MD5 checksum:    73026 4bc2cc0d5d0d29992ffd1b9a82653e21
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_arm.deb
      Size/MD5 checksum:    58332 408e227f29d0aa923044beedc3e7c92e

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_i386.deb
      Size/MD5 checksum:   684008 0a09e40e20659cebdbab638f1cbc009b
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_i386.deb
      Size/MD5 checksum:    72762 9e32b4f77446d9172b381f52f18a11eb
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_i386.deb
      Size/MD5 checksum:    57912 5b8e0c713676845dc5a7263a44dd56cd

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_ia64.deb
      Size/MD5 checksum:   952836 db5e0a6fc0863bdebbf579f957121da6
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_ia64.deb
      Size/MD5 checksum:    79144 7b9eb001137d25be30d9b8400d6aee39
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_ia64.deb
      Size/MD5 checksum:    62682 af3f6bdb3de9bdae20896f630eeb4b60

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_hppa.deb
      Size/MD5 checksum:   778974 59f67088877baa7baf90e60a4f3317a6
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_hppa.deb
      Size/MD5 checksum:    74462 118f494f5079eda3ba1b52d1462f4012
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_hppa.deb
      Size/MD5 checksum:    59482 cbef83fb6fbb50ad47d318a821dc7358

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_m68k.deb
      Size/MD5 checksum:   665202 51cc52fe2a265c63cbaed727fad15a99
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_m68k.deb
      Size/MD5 checksum:    72378 07708d039b0cf46ee7c6628ad7e4bcbf
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_m68k.deb
      Size/MD5 checksum:    57584 5102473e069bac195482ed6385def788

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_mips.deb
      Size/MD5 checksum:   764682 62488f6104b371b6107b39b6b4bcaeda
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_mips.deb
      Size/MD5 checksum:    73928 14f1391ec0888964efebe1ba7a11f220
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_mips.deb
      Size/MD5 checksum:    58636 0123e6dba5c165033e3ce6dd60c8d89a

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_mipsel.deb
      Size/MD5 checksum:   764144 8cb8b84931df0d8b271e5c2f8a010fb2
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_mipsel.deb
      Size/MD5 checksum:    74030 ee3349da5a1634891ed67136c9989fc6
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_mipsel.deb
      Size/MD5 checksum:    58736 75c8d8c7d15b149f3c0a1bdccae59df8

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_powerpc.deb
      Size/MD5 checksum:   721856 283001554d7096f5ddc4126231ef6807
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_powerpc.deb
      Size/MD5 checksum:    73014 4a6e19209a8dd04cdc74e474abeb16e5
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_powerpc.deb
      Size/MD5 checksum:    58220 7424479351cd71563de79769b90911d1

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_s390.deb
      Size/MD5 checksum:   711276 8cab4b4e4a1f89b36aac29fc59613c91
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_s390.deb
      Size/MD5 checksum:    73348 d677789f48da35c39467674bc165065a
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_s390.deb
      Size/MD5 checksum:    58784 f8d217932f607b381a17b5f798e3352a

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_sparc.deb
      Size/MD5 checksum:   723958 41dce5c7e630c0b0ecedbed8acba2e7a
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_sparc.deb
      Size/MD5 checksum:    75644 f4af52384e6190450d5fc46ca3b66a82
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_sparc.deb
      Size/MD5 checksum:    60660 3a44a74fe3bcf2dd714f308cd4708a89


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBgdf3W5ql+IAeqTIRAuoiAKCPBpTgkA8EZSrCteAxeghkLpqFCACeL8iz
jy5uf0Bj98dyYZgxALs00PE=
=ygMY
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
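The SecurityTracker description above and the CAN-2004-0918 entry in the DSA both locate the flaw in the BER header decoding of Squid's SNMP module: a length field that reads as negative is passed on to memory allocation. The following is an added illustration, not code from Squid, Debian or iDEFENSE, of how a BER tag/length header decoder can be written so that such packets are rejected before any allocation happens. It keeps the decoded length in an unsigned `size_t`, refuses the indefinite form and length fields wider than the machine word, and checks every length against the bytes actually remaining in the packet. The function and type names (`ber_parse_header`, `ber_walk_sequence`, `ber_status`) and the sample packets are constructed for this example and are not Squid's.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result of decoding one BER tag/length header. */
typedef enum {
    BER_OK = 0,
    BER_TRUNCATED,   /* the header itself runs past the end of the packet */
    BER_BAD_LENGTH,  /* indefinite form, or more length octets than size_t can hold */
    BER_TOO_LONG,    /* declared content length exceeds the bytes that follow */
    BER_BAD_TYPE     /* not the tag the caller expected */
} ber_status;

/*
 * Decode the tag and length at buf[0..avail). On BER_OK, *type is the tag,
 * *len the content length and *content points at the first content byte.
 * The length is accumulated in an unsigned size_t and compared with the
 * bytes actually present, so a length field with its high bit set can never
 * turn into a negative number that is later handed to an allocator.
 */
ber_status ber_parse_header(const uint8_t *buf, size_t avail, uint8_t *type,
                            size_t *len, const uint8_t **content)
{
    size_t pos = 0, length;
    if (avail < 2) return BER_TRUNCATED;               /* need tag + one length octet */
    *type = buf[pos++];
    uint8_t first = buf[pos++];
    if (!(first & 0x80)) {
        length = first;                                /* short form: 0..127 */
    } else {
        size_t n = first & 0x7F;                       /* long form: n length octets follow */
        if (n == 0) return BER_BAD_LENGTH;             /* indefinite length: not valid in SNMP */
        if (n > sizeof(size_t)) return BER_BAD_LENGTH; /* would overflow size_t */
        if (n > avail - pos) return BER_TRUNCATED;     /* length octets themselves are missing */
        length = 0;
        for (size_t i = 0; i < n; i++) length = (length << 8) | buf[pos++];
    }
    if (length > avail - pos) return BER_TOO_LONG;     /* never trust a length over the packet size */
    *len = length;
    *content = buf + pos;
    return BER_OK;
}

/*
 * Require an outer SEQUENCE (tag 0x30) and walk every element directly
 * inside it, stopping at the first malformed header. *count receives the
 * number of well-formed elements seen before that point.
 */
ber_status ber_walk_sequence(const uint8_t *pkt, size_t n, size_t *count)
{
    uint8_t type;
    size_t len;
    const uint8_t *p;
    *count = 0;
    ber_status st = ber_parse_header(pkt, n, &type, &len, &p);
    if (st != BER_OK) return st;
    if (type != 0x30) return BER_BAD_TYPE;
    size_t remaining = len;                            /* already bounded by n above */
    while (remaining > 0) {
        const uint8_t *body;
        st = ber_parse_header(p, remaining, &type, &len, &body);
        if (st != BER_OK) return st;
        size_t consumed = (size_t)(body - p) + len;    /* header + content, never > remaining */
        p = body + len;
        remaining -= consumed;
        (*count)++;
    }
    return BER_OK;
}

/* Constructed sample packets for this example (not captured traffic). */
/* SEQUENCE { INTEGER 0, OCTET STRING "public" }: a well-formed SNMPv1 prefix. */
static const uint8_t PKT_GOOD[] = {0x30, 0x0B, 0x02, 0x01, 0x00,
                                   0x04, 0x06, 'p', 'u', 'b', 'l', 'i', 'c'};
/* Outer length 0x84 FF FF FF FF: this is -1 if stored in a signed 32-bit int. */
static const uint8_t PKT_NEG_OUTER[] = {0x30, 0x84, 0xFF, 0xFF, 0xFF, 0xFF};
/* Valid outer header, but the second inner element carries the same bad length. */
static const uint8_t PKT_NEG_INNER[] = {0x30, 0x09, 0x02, 0x01, 0x00,
                                        0x04, 0x84, 0xFF, 0xFF, 0xFF, 0xFF};
/* Long-form header promising two length octets but supplying only one. */
static const uint8_t PKT_TRUNC[] = {0x30, 0x82, 0x00};
/* Indefinite-length form, which the SNMP BER profile does not allow. */
static const uint8_t PKT_INDEF[] = {0x30, 0x80};

int main(void)
{
    static const char *names[] = {"OK", "TRUNCATED", "BAD_LENGTH", "TOO_LONG", "BAD_TYPE"};
    const struct { const char *label; const uint8_t *pkt; size_t n; } cases[] = {
        {"good",                  PKT_GOOD,      sizeof PKT_GOOD},
        {"negative outer length", PKT_NEG_OUTER, sizeof PKT_NEG_OUTER},
        {"negative inner length", PKT_NEG_INNER, sizeof PKT_NEG_INNER},
        {"truncated header",      PKT_TRUNC,     sizeof PKT_TRUNC},
        {"indefinite length",     PKT_INDEF,     sizeof PKT_INDEF},
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        size_t count = 0;
        ber_status st = ber_walk_sequence(cases[i].pkt, cases[i].n, &count);
        printf("%-22s -> %s after %zu element(s)\n", cases[i].label, names[st], count);
    }
    return 0;
}
```

The two "negative length" packets are the interesting cases: because `length` is unsigned and is compared with `avail - pos` before anything else is done with it, a field of `FF FF FF FF` is simply reported as `BER_TOO_LONG`, whether it appears in the outer SEQUENCE or in a nested element, and no allocation is ever attempted with it. The same pattern, unsigned lengths bounded by the bytes actually received, is the general fix for this class of parser bug regardless of the protocol.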

 


Copyright 2004, SecurityGlobal.net LLC