Vulnerabilities > CVE-2004-2479 - Information Disclosure vulnerability in Squid Proxy Failed DNS Lookup Random Error Messages
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously used error messages.
Vulnerable Configurations
Nessus
NASL family Firewalls NASL id SQUID_MEM_DISCLOSURE.NASL description According to its banner, the version of Squid running on the remote host is prior to 2.5.STABLE8. It is, therefore, affected by an information disclosure vulnerability due to improper handling of malformed host names. An unauthenticated, remote attacker can exploit this issue to disclose the contents of recently freed memory as error messages. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 15929 published 2004-12-09 reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15929 title Squid < 2.5.STABLE8 Malformed Host Name Error Message Information Disclosure NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-766.NASL description An updated Squid package that fixes security issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Squid is a full-featured Web proxy cache. A bug was found in the way Squid displays error messages. A remote attacker could submit a request containing an invalid hostname which would result in Squid displaying a previously used error message. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-2479 to this issue. Two denial of service bugs were found in the way Squid handles malformed requests. A remote attacker could submit a specially crafted request to Squid that would cause the server to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-2794 and CVE-2005-2796 to these issues. Please note that CVE-2005-2796 does not affect Red Hat Enterprise Linux 2.1 Users of Squid should upgrade to this updated package that contains backported patches, and is not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 19713 published 2005-09-17 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19713 title RHEL 2.1 / 3 / 4 : squid (RHSA-2005:766) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-766.NASL description An updated Squid package that fixes security issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Squid is a full-featured Web proxy cache. A bug was found in the way Squid displays error messages. A remote attacker could submit a request containing an invalid hostname which would result in Squid displaying a previously used error message. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-2479 to this issue. Two denial of service bugs were found in the way Squid handles malformed requests. A remote attacker could submit a specially crafted request to Squid that would cause the server to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-2794 and CVE-2005-2796 to these issues. Please note that CVE-2005-2796 does not affect Red Hat Enterprise Linux 2.1 Users of Squid should upgrade to this updated package that contains backported patches, and is not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 21855 published 2006-07-03 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21855 title CentOS 3 / 4 : squid (CESA-2005:766)
Oval
| accepted | 2013-04-29T04:21:31.665-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||
| description | Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously used error messages. | ||||||||||||||||||||
| family | unix | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:9711 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
| title | Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously used error messages. | ||||||||||||||||||||
| version | 26 |
Redhat
| advisories |
| ||||
| rpms |
|
References
- http://fedoranews.org/updates/FEDORA--.shtml
- http://secunia.com/advisories/13408
- http://secunia.com/advisories/16977
- http://securitytracker.com/id?1012466
- http://www.osvdb.org/12282
- http://www.redhat.com/support/errata/RHSA-2005-766.html
- http://www.securityfocus.com/bid/11865
- http://www.squid-cache.org/bugs/show_bug.cgi?id=1143
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18406
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9711