Vulnerabilities > CVE-2005-1519 - DNS Spoofing vulnerability in Squid Proxy

047910
CVSS 6.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
squid
nessus

Summary

Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups.

Vulnerable Configurations

Part Description Count
Application
Squid
1

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-415.NASL
    descriptionAn updated squid package that fixes several security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Squid is a full-featured Web proxy cache. A race condition bug was found in the way Squid handles the now obsolete Set-Cookie header. It is possible that Squid can leak Set-Cookie header information to other clients connecting to Squid. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0626 to this issue. Please note that this issue only affected Red Hat Enterprise Linux 4. A bug was found in the way Squid handles PUT and POST requests. It is possible for an authorised remote user to cause a failed PUT or POST request which can cause Squid to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0718 to this issue. A bug was found in the way Squid processes errors in the access control list. It is possible that an error in the access control list could give users more access than intended. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1345 to this issue. A bug was found in the way Squid handles access to the cachemgr.cgi script. It is possible for an authorised remote user to bypass access control lists with this flaw. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-1999-0710 to this issue. A bug was found in the way Squid handles DNS replies. If the port Squid uses for DNS requests is not protected by a firewall it is possible for a remote attacker to spoof DNS replies, possibly redirecting a user to spoofed or malicious content. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1519 to this issue. Additionally this update fixes the following bugs: - LDAP Authentication fails with an assertion error when using Red Hat Enterprise Linux 4 Users of Squid should upgrade to this updated package, which contains backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id18500
    published2005-06-16
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/18500
    titleRHEL 3 / 4 : squid (RHSA-2005:415)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-751.NASL
    descriptionThe upstream developers have discovered a bug in the DNS lookup code of Squid, the popular WWW proxy cache. When the DNS client UDP port (assigned by the operating system at startup) is unfiltered and the network is not protected from IP spoofing, malicious users can spoof DNS lookups which could result in users being redirected to arbitrary web sites.
    last seen2020-06-01
    modified2020-06-02
    plugin id18667
    published2005-07-11
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/18667
    titleDebian DSA-751-1 : squid - IP spoofing
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-489.NASL
    descriptionAn updated squid package that fixes several security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Squid is a full-featured Web proxy cache. A bug was found in the way Squid handles PUT and POST requests. It is possible for an authorised remote user to cause a failed PUT or POST request which can cause Squid to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0718 to this issue. A bug was found in the way Squid handles access to the cachemgr.cgi script. It is possible for an authorised remote user to bypass access control lists with this flaw. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-1999-0710 to this issue. A bug was found in the way Squid handles DNS replies. If the port Squid uses for DNS requests is not protected by a firewall, it is possible for a remote attacker to spoof DNS replies, possibly redirecting a user to spoofed or malicious content. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1519 to this issue. Additionally, this update fixes the following bugs: - squid fails in the unpacking of squid-2.4.STABLE7-1.21as.5.src.rpm Users of Squid should upgrade to this updated package, which contains backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id18471
    published2005-06-13
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/18471
    titleRHEL 2.1 : squid (RHSA-2005:489)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-129-1.NASL
    descriptionIt was discovered that Squid did not verify the validity of DNS server responses. When Squid is started, it opens a DNS client UDP port whose number is randomly assigned by the operating system. Unless your network firewall is configured to accept DNS responses only from known good nameservers, this vulnerability allowed users within the local network to inject arbitrary DNS responses into Squid (
    last seen2020-06-01
    modified2020-06-02
    plugin id20519
    published2006-01-15
    reporterUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20519
    titleUbuntu 4.10 / 5.04 : squid vulnerability (USN-129-1)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-104.NASL
    descriptionA bug was found in the way that Squid handles DNS replies. If the port Squid uses for DNS requests is not protected by a firewall, it is possible for a remote attacker to spoof DNS replies, possibly redirecting a user to spoofed or malicious content.
    last seen2020-06-01
    modified2020-06-02
    plugin id18561
    published2005-06-25
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/18561
    titleMandrake Linux Security Advisory : squid (MDKSA-2005:104)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_7E97B288C7CA11D99E1EC296AC722CB3.NASL
    descriptionThe squid patches page notes : Malicious users may spoof DNS lookups if the DNS client UDP port (random, assigned by OS as startup) is unfiltered and your network is not protected from IP spoofing.
    last seen2020-06-01
    modified2020-06-02
    plugin id19000
    published2005-07-13
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/19000
    titleFreeBSD : squid -- DNS lookup spoofing vulnerability (7e97b288-c7ca-11d9-9e1e-c296ac722cb3)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-373.NASL
    description - Mon May 16 2005 Jay Fenlason <fenlason at redhat.com> 7:2.5.STABLE9-1.FC3.6 - More upstream patches, including ones for bz#157456 CVE-2005-1519 DNS lookups unreliable on untrusted networks bz#156162 CVE-1999-0710 cachemgr.cgi access control bypass - The following bugs had already been fixed, but the announcements were lost bz#156711 CVE-2005-1390 HTTP Request Smuggling Vulnerabilities bz#156703 CVE-2005-1389 HTTP Response Splitting Vulnerabilities (Both fixed by squid-7:2.5.STABLE8-1.FC3.1) bz#151419 Unexpected access control results on configuration errors (Fixed by 7:2.5.STABLE9-1.FC3.2) bz#152647#squid-2.5.STABLE9-1.FC3.4.x86_64.rpm is broken (fixed by 7:2.5.STABLE9-1.FC3.5) bz#141938 squid ldap authentification broken (Fixed by 7:2.5.STABLE7-1.FC3) - Fri Apr 1 2005 Jay Fenlason <fenlason at redhat.com> 7:2.5.STABLE9-1.FC3.5 - More upstream patches, including a new version of the -2GB patch that doesn
    last seen2020-06-01
    modified2020-06-02
    plugin id18337
    published2005-05-19
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/18337
    titleFedora Core 3 : squid-2.5.STABLE9-1.FC3.6 (2005-373)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2005-415.NASL
    descriptionAn updated squid package that fixes several security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Squid is a full-featured Web proxy cache. A race condition bug was found in the way Squid handles the now obsolete Set-Cookie header. It is possible that Squid can leak Set-Cookie header information to other clients connecting to Squid. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0626 to this issue. Please note that this issue only affected Red Hat Enterprise Linux 4. A bug was found in the way Squid handles PUT and POST requests. It is possible for an authorised remote user to cause a failed PUT or POST request which can cause Squid to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0718 to this issue. A bug was found in the way Squid processes errors in the access control list. It is possible that an error in the access control list could give users more access than intended. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1345 to this issue. A bug was found in the way Squid handles access to the cachemgr.cgi script. It is possible for an authorised remote user to bypass access control lists with this flaw. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-1999-0710 to this issue. A bug was found in the way Squid handles DNS replies. If the port Squid uses for DNS requests is not protected by a firewall it is possible for a remote attacker to spoof DNS replies, possibly redirecting a user to spoofed or malicious content. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1519 to this issue. Additionally this update fixes the following bugs: - LDAP Authentication fails with an assertion error when using Red Hat Enterprise Linux 4 Users of Squid should upgrade to this updated package, which contains backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id21822
    published2006-07-03
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21822
    titleCentOS 3 / 4 : squid (CESA-2005:415)

Oval

accepted2013-04-29T04:23:49.312-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionSquid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups.
familyunix
idoval:org.mitre.oval:def:9976
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleSquid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups.
version26

Redhat

advisories
rhsa
idRHSA-2005:489
rpms
  • squid-7:2.5.STABLE3-6.3E.13
  • squid-7:2.5.STABLE6-3.4E.9
  • squid-debuginfo-7:2.5.STABLE3-6.3E.13
  • squid-debuginfo-7:2.5.STABLE6-3.4E.9