Vulnerabilities > CVE-2002-0714 - Unspecified vulnerability in Squid

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
squid
nessus

Summary

FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.

Vulnerable Configurations

Part Description Count
Application
Squid
1

Nessus

  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2002-044.NASL
    description: Numerous security problems were fixed in squid-2.4.STABLE7. This release has several bugfixes to the Gopher client to correct some security issues. Security fixes to how squid parses FTP directory listings into HTML have been implemented. A security fix to how squid forwards proxy authentication credentials has been applied, as well as the MSNT auth helper has been updated to fix buffer overflows in the helper. Finally, FTP data channels are now sanity checked to match the address of the requested FTP server, which prevents injection of data or theft.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 13947
    published: 2004-07-31
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/13947
    title: Mandrake Linux Security Advisory : squid (MDKSA-2002:044)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2002:044. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set, this branch only declares
    # the plugin's metadata and then exits (see the exit(0) that closes the
    # block), so the package checks further down do not run in this pass.
    if (description)
    {
      script_id(13947);
      script_version ("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:46");
    
      # One plugin covers three CVEs fixed by the same advisory, so a finding
      # from this check does not say which of the three issues is present.
      script_cve_id("CVE-2002-0713", "CVE-2002-0714", "CVE-2002-0715");
      script_xref(name:"MDKSA", value:"2002:044");
    
      script_name(english:"Mandrake Linux Security Advisory : squid (MDKSA-2002:044)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Mandrake Linux host is missing a security update."
      );
      # Advisory text carried as a runtime string; it names squid-2.4.STABLE7
      # as the release containing the fixes, which is the version the package
      # references later in the script compare against.
      script_set_attribute(
        attribute:"description", 
        value:
    "Numerous security problems were fixed in squid-2.4.STABLE7. This
    releases has several bugfixes to the Gopher client to correct some
    security issues. Security fixes to how squid parses FTP directory
    listings into HTML have been implemented. A security fix to how squid
    forwards proxy authentication credentials has been applied, as well as
    the MSNT auth helper has been updated to fix buffer overflows in the
    helper. Finally, FTP data channels are now sanity checked to match the
    address of the requested FTP server, which prevents injection of data
    or theft."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected squid package.");
      # CVSS v2 base vector: network attack vector, low complexity, no
      # authentication, partial confidentiality/integrity/availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      # Declared as a local check: the verdict is derived from the host's
      # package list (see the required KB keys below), so it reflects the
      # installed package version rather than how Squid is configured.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # Affected package, followed by the five Mandrake Linux releases
      # (7.1 through 8.2) that the script has package references for.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:squid");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2");
    
      # The vendor patch dates from 2002/07/17; the plugin was published
      # 2004/07/31.
      script_set_attribute(attribute:"patch_publication_date", value:"2002/07/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      # NOTE(review): ssh_get_info.nasl is presumably what populates the
      # Host/* KB entries required on the next line -- confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      # Nothing below this point runs during registration.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
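    # Preconditions for a local package check: local checks enabled, a
    # Mandrake release recorded, and an rpm list available in the KB.
    # NOTE(review): the code assumes audit() does not return (cpu is used
    # right after the isnull test) -- confirm in audit.inc.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # The OS name is spelled "Mandrake" here (it previously read "Mandake") so
    # this audit message matches the one used by the architecture gate below.
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architecture gate: a missing value is reported as unknown, and anything
    # other than amd64, i386-i686 or x86_64 is reported as not implemented.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);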
    
    
    # Package reference per Mandrake release, held in two parallel lists so
    # the checks run in the same order as before (7.1, 7.2, 8.0, 8.1, 8.2).
    mdk_releases = make_list("MDK7.1", "MDK7.2", "MDK8.0", "MDK8.1", "MDK8.2");
    fixed_builds = make_list(
      "squid-2.4.STABLE7-1.3mdk",
      "squid-2.4.STABLE7-1.3mdk",
      "squid-2.4.STABLE7-1.2mdk",
      "squid-2.4.STABLE7-1.1mdk",
      "squid-2.4.STABLE7-1.1mdk"
    );
    
    # flag counts the references for which rpm_check() returned true.
    # NOTE(review): every reference is given for cpu "i386" although the
    # architecture gate earlier in the script also admits amd64/x86_64;
    # confirm how rpm_check() treats those hosts before relying on a
    # "not affected" result there.
    flag = 0;
    for (idx = 0; idx < max_index(mdk_releases); idx++)
    {
      if (rpm_check(release:mdk_releases[idx], cpu:"i386", reference:fixed_builds[idx], yank:"mdk")) flag++;
    }
    
    # No reference matched: record the host as not affected. Otherwise raise
    # the finding on port 0, attaching the rpm report when verbosity allows.
    if (!flag) audit(AUDIT_HOST_NOT, "affected");
    else
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2002-130.NASL
    description: New Squid packages are available which fix various issues. Squid is a high-performance proxy caching server. The following summary describes the various issues found and fixed : Several buffer overflows have been found in the MSNT auth helper (msnt_auth) when configured to use denyusers or allowusers access control files. Several buffer overflows were found in the gopher client of Squid. It could be possible for a malicious gopher server to cause Squid to crash. A problem was found in the handling of the FTP data channel, possibly allowing abuse of the FTP proxy to bypass firewall rules or inject false FTP replies. Several possible buffer overflows were found in the code parsing FTP directories, which potentially allow for an untrusted FTP server to crash Squid. Thanks go to Olaf Kirch and the Squid team for notifying us of the problems and to the Squid team for providing patches. All users of Squid are advised to upgrade to these errata packages which contain patches to correct each of these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 12308
    published: 2004-07-06
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/12308
    title: RHEL 2.1 : squid (RHSA-2002:130)

Redhat

advisories
  • rhsa
    id: RHSA-2002:051
  • rhsa
    id: RHSA-2002:130