Vulnerabilities > CVE-2005-1519 - DNS Spoofing vulnerability in Squid Proxy
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-415.NASL description An updated squid package that fixes several security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Squid is a full-featured Web proxy cache. A race condition bug was found in the way Squid handles the now obsolete Set-Cookie header. It is possible that Squid can leak Set-Cookie header information to other clients connecting to Squid. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0626 to this issue. Please note that this issue only affected Red Hat Enterprise Linux 4. A bug was found in the way Squid handles PUT and POST requests. It is possible for an authorised remote user to cause a failed PUT or POST request which can cause Squid to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0718 to this issue. A bug was found in the way Squid processes errors in the access control list. It is possible that an error in the access control list could give users more access than intended. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1345 to this issue. A bug was found in the way Squid handles access to the cachemgr.cgi script. It is possible for an authorised remote user to bypass access control lists with this flaw. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-1999-0710 to this issue. A bug was found in the way Squid handles DNS replies. If the port Squid uses for DNS requests is not protected by a firewall it is possible for a remote attacker to spoof DNS replies, possibly redirecting a user to spoofed or malicious content. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1519 to this issue. Additionally this update fixes the following bugs: - LDAP Authentication fails with an assertion error when using Red Hat Enterprise Linux 4 Users of Squid should upgrade to this updated package, which contains backported patches to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 18500 published 2005-06-16 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/18500 title RHEL 3 / 4 : squid (RHSA-2005:415) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-751.NASL description The upstream developers have discovered a bug in the DNS lookup code of Squid, the popular WWW proxy cache. When the DNS client UDP port (assigned by the operating system at startup) is unfiltered and the network is not protected from IP spoofing, malicious users can spoof DNS lookups which could result in users being redirected to arbitrary web sites. last seen 2020-06-01 modified 2020-06-02 plugin id 18667 published 2005-07-11 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18667 title Debian DSA-751-1 : squid - IP spoofing NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-489.NASL description An updated squid package that fixes several security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Squid is a full-featured Web proxy cache. A bug was found in the way Squid handles PUT and POST requests. It is possible for an authorised remote user to cause a failed PUT or POST request which can cause Squid to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0718 to this issue. A bug was found in the way Squid handles access to the cachemgr.cgi script. It is possible for an authorised remote user to bypass access control lists with this flaw. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-1999-0710 to this issue. A bug was found in the way Squid handles DNS replies. If the port Squid uses for DNS requests is not protected by a firewall, it is possible for a remote attacker to spoof DNS replies, possibly redirecting a user to spoofed or malicious content. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1519 to this issue. Additionally, this update fixes the following bugs: - squid fails in the unpacking of squid-2.4.STABLE7-1.21as.5.src.rpm Users of Squid should upgrade to this updated package, which contains backported patches to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 18471 published 2005-06-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/18471 title RHEL 2.1 : squid (RHSA-2005:489) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-129-1.NASL description It was discovered that Squid did not verify the validity of DNS server responses. When Squid is started, it opens a DNS client UDP port whose number is randomly assigned by the operating system. Unless your network firewall is configured to accept DNS responses only from known good nameservers, this vulnerability allowed users within the local network to inject arbitrary DNS responses into Squid ( last seen 2020-06-01 modified 2020-06-02 plugin id 20519 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20519 title Ubuntu 4.10 / 5.04 : squid vulnerability (USN-129-1) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-104.NASL description A bug was found in the way that Squid handles DNS replies. If the port Squid uses for DNS requests is not protected by a firewall, it is possible for a remote attacker to spoof DNS replies, possibly redirecting a user to spoofed or malicious content. last seen 2020-06-01 modified 2020-06-02 plugin id 18561 published 2005-06-25 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18561 title Mandrake Linux Security Advisory : squid (MDKSA-2005:104) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_7E97B288C7CA11D99E1EC296AC722CB3.NASL description The squid patches page notes : Malicious users may spoof DNS lookups if the DNS client UDP port (random, assigned by OS as startup) is unfiltered and your network is not protected from IP spoofing. last seen 2020-06-01 modified 2020-06-02 plugin id 19000 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19000 title FreeBSD : squid -- DNS lookup spoofing vulnerability (7e97b288-c7ca-11d9-9e1e-c296ac722cb3) NASL family Fedora Local Security Checks NASL id FEDORA_2005-373.NASL description - Mon May 16 2005 Jay Fenlason <fenlason at redhat.com> 7:2.5.STABLE9-1.FC3.6 - More upstream patches, including ones for bz#157456 CVE-2005-1519 DNS lookups unreliable on untrusted networks bz#156162 CVE-1999-0710 cachemgr.cgi access control bypass - The following bugs had already been fixed, but the announcements were lost bz#156711 CVE-2005-1390 HTTP Request Smuggling Vulnerabilities bz#156703 CVE-2005-1389 HTTP Response Splitting Vulnerabilities (Both fixed by squid-7:2.5.STABLE8-1.FC3.1) bz#151419 Unexpected access control results on configuration errors (Fixed by 7:2.5.STABLE9-1.FC3.2) bz#152647#squid-2.5.STABLE9-1.FC3.4.x86_64.rpm is broken (fixed by 7:2.5.STABLE9-1.FC3.5) bz#141938 squid ldap authentification broken (Fixed by 7:2.5.STABLE7-1.FC3) - Fri Apr 1 2005 Jay Fenlason <fenlason at redhat.com> 7:2.5.STABLE9-1.FC3.5 - More upstream patches, including a new version of the -2GB patch that doesn last seen 2020-06-01 modified 2020-06-02 plugin id 18337 published 2005-05-19 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18337 title Fedora Core 3 : squid-2.5.STABLE9-1.FC3.6 (2005-373) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-415.NASL description An updated squid package that fixes several security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Squid is a full-featured Web proxy cache. A race condition bug was found in the way Squid handles the now obsolete Set-Cookie header. It is possible that Squid can leak Set-Cookie header information to other clients connecting to Squid. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0626 to this issue. Please note that this issue only affected Red Hat Enterprise Linux 4. A bug was found in the way Squid handles PUT and POST requests. It is possible for an authorised remote user to cause a failed PUT or POST request which can cause Squid to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0718 to this issue. A bug was found in the way Squid processes errors in the access control list. It is possible that an error in the access control list could give users more access than intended. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1345 to this issue. A bug was found in the way Squid handles access to the cachemgr.cgi script. It is possible for an authorised remote user to bypass access control lists with this flaw. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-1999-0710 to this issue. A bug was found in the way Squid handles DNS replies. If the port Squid uses for DNS requests is not protected by a firewall it is possible for a remote attacker to spoof DNS replies, possibly redirecting a user to spoofed or malicious content. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1519 to this issue. Additionally this update fixes the following bugs: - LDAP Authentication fails with an assertion error when using Red Hat Enterprise Linux 4 Users of Squid should upgrade to this updated package, which contains backported patches to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 21822 published 2006-07-03 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21822 title CentOS 3 / 4 : squid (CESA-2005:415)
Oval
accepted | 2013-04-29T04:23:49.312-04:00 | ||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||
contributors |
| ||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||
description | Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups. | ||||||||||||||||||||
family | unix | ||||||||||||||||||||
id | oval:org.mitre.oval:def:9976 | ||||||||||||||||||||
status | accepted | ||||||||||||||||||||
submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
title | Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups. | ||||||||||||||||||||
version | 26 |
Redhat
advisories |
| ||||
rpms |
|
References
- http://fedoranews.org/updates/FEDORA--.shtml
- http://secunia.com/advisories/15294
- http://www.debian.org/security/2005/dsa-751
- http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html
- http://www.redhat.com/support/errata/RHSA-2005-489.html
- http://www.securityfocus.com/bid/13592
- http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query
- http://www.vupen.com/english/advisories/2005/0521
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9976