Vulnerabilities > CVE-2001-0142
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 1 | |
| OS | 5 | |
| OS | 2 | |
| OS | 1 |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2001-003.NASL description WireX discovered a potential temporary file race condition in the way that squid sends out email messages notifying the administrator about updating the program. Usually this will only happen if you are running a development version of squid or if the clock on your system is incorrect. This problem has been corrected in the latest stable and development versions of squid. last seen 2020-06-01 modified 2020-06-02 plugin id 61877 published 2012-09-06 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61877 title Mandrake Linux Security Advisory : squid (MDKSA-2001:003) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2001:003. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(61877); script_version("1.5"); script_cvs_date("Date: 2019/08/02 13:32:46"); script_cve_id("CVE-2001-0142"); script_xref(name:"MDKSA", value:"2001:003"); script_name(english:"Mandrake Linux Security Advisory : squid (MDKSA-2001:003)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandrake Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "WireX discovered a potential temporary file race condition in the way that squid sends out email messages notifying the administrator about updating the program. Usually this will only happen if you are running a development version of squid or if the clock on your system is incorrect. This problem has been corrected in the latest stable and development versions of squid." ); script_set_attribute(attribute:"solution", value:"Update the affected squid package."); script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:N/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:squid"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:6.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:6.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2"); script_set_attribute(attribute:"patch_publication_date", value:"2001/01/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK6.0", cpu:"i386", reference:"squid-2.2.STABLE4-2.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK6.1", cpu:"i386", reference:"squid-2.2.STABLE4-2.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.0", cpu:"i386", reference:"squid-2.2.STABLE5-5.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"squid-2.3.STABLE2-2.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"squid-2.3.STABLE2-3.1mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Debian Local Security Checks NASL id DEBIAN_DSA-019.NASL description WireX discovered a potential temporary file race condition in the way that squid sends out email messages notifying the administrator about updating the program. This could lead to arbitrary files to get overwritten. However the code would only be executed if running a very bleeding edge release of squid, running a server whose time is set some number of months in the past and squid is crashing. Read it as hardly to exploit. This version also contains more upstream bugfixes wrt. dots in hostnames and improper HTML quoting. last seen 2020-06-01 modified 2020-06-02 plugin id 14856 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14856 title Debian DSA-019-1 : squid - insecure tempfile handling code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-019. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(14856); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:16"); script_cve_id("CVE-2001-0142"); script_bugtraq_id(2184); script_xref(name:"DSA", value:"019"); script_name(english:"Debian DSA-019-1 : squid - insecure tempfile handling"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "WireX discovered a potential temporary file race condition in the way that squid sends out email messages notifying the administrator about updating the program. This could lead to arbitrary files to get overwritten. However the code would only be executed if running a very bleeding edge release of squid, running a server whose time is set some number of months in the past and squid is crashing. Read it as hardly to exploit. This version also contains more upstream bugfixes wrt. dots in hostnames and improper HTML quoting." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2001/dsa-019" ); script_set_attribute( attribute:"solution", value:"Upgrade the affected squid package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squid"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2"); script_set_attribute(attribute:"patch_publication_date", value:"2001/01/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"2.2", prefix:"squid", reference:"2.2.5-3.1")) flag++; if (deb_check(release:"2.2", prefix:"squid-cgi", reference:"2.2.5-3.1")) flag++; if (deb_check(release:"2.2", prefix:"squidclient", reference:"2.2.5-3.1")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:deb_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
References
- http://www.securityfocus.com/bid/2184
- http://archives.neohapsis.com/archives/bugtraq/2001-01/0212.html
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-003.php3
- http://www.debian.org/security/2001/dsa-019
- http://marc.info/?l=bugtraq&m=97916374410647&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5921