Vulnerabilities > CVE-2001-0142

047910
CVSS 1.2 - LOW
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE

Summary

squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2001-003.NASL
    descriptionWireX discovered a potential temporary file race condition in the way that squid sends out email messages notifying the administrator about updating the program. Usually this will only happen if you are running a development version of squid or if the clock on your system is incorrect. This problem has been corrected in the latest stable and development versions of squid.
    last seen2020-06-01
    modified2020-06-02
    plugin id61877
    published2012-09-06
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/61877
    titleMandrake Linux Security Advisory : squid (MDKSA-2001:003)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2001:003. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61877);
      script_version("1.5");
      script_cvs_date("Date: 2019/08/02 13:32:46");
    
      script_cve_id("CVE-2001-0142");
      script_xref(name:"MDKSA", value:"2001:003");
    
      script_name(english:"Mandrake Linux Security Advisory : squid (MDKSA-2001:003)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Mandrake Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "WireX discovered a potential temporary file race condition in the way
    that squid sends out email messages notifying the administrator about
    updating the program. Usually this will only happen if you are running
    a development version of squid or if the clock on your system is
    incorrect. This problem has been corrected in the latest stable and
    development versions of squid."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected squid package.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:squid");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:6.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:6.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2001/01/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK6.0", cpu:"i386", reference:"squid-2.2.STABLE4-2.1mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK6.1", cpu:"i386", reference:"squid-2.2.STABLE4-2.1mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK7.0", cpu:"i386", reference:"squid-2.2.STABLE5-5.1mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"squid-2.3.STABLE2-2.1mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"squid-2.3.STABLE2-3.1mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-019.NASL
    descriptionWireX discovered a potential temporary file race condition in the way that squid sends out email messages notifying the administrator about updating the program. This could lead to arbitrary files to get overwritten. However the code would only be executed if running a very bleeding edge release of squid, running a server whose time is set some number of months in the past and squid is crashing. Read it as hardly to exploit. This version also contains more upstream bugfixes wrt. dots in hostnames and improper HTML quoting.
    last seen2020-06-01
    modified2020-06-02
    plugin id14856
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14856
    titleDebian DSA-019-1 : squid - insecure tempfile handling
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-019. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(14856);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:16");
    
      script_cve_id("CVE-2001-0142");
      script_bugtraq_id(2184);
      script_xref(name:"DSA", value:"019");
    
      script_name(english:"Debian DSA-019-1 : squid - insecure tempfile handling");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "WireX discovered a potential temporary file race condition in the way
    that squid sends out email messages notifying the administrator about
    updating the program. This could lead to arbitrary files to get
    overwritten. However the code would only be executed if running a very
    bleeding edge release of squid, running a server whose time is set
    some number of months in the past and squid is crashing. Read it as
    hardly to exploit. This version also contains more upstream bugfixes
    wrt. dots in hostnames and improper HTML quoting."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2001/dsa-019"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Upgrade the affected squid package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:ND");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squid");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2001/01/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"2.2", prefix:"squid", reference:"2.2.5-3.1")) flag++;
    if (deb_check(release:"2.2", prefix:"squid-cgi", reference:"2.2.5-3.1")) flag++;
    if (deb_check(release:"2.2", prefix:"squidclient", reference:"2.2.5-3.1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());
      else security_note(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");