CVE-2007-0248 - Remote Denial of Service vulnerability in Squid 2.6.Stable6

047910
CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
Tags: network, low complexity, squid, nessus

Summary

The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop.

Vulnerable Configurations

Part         Description  Count
Application  Squid        1

Nessus

  • NASL family: Firewalls
    NASL id: SQUID_CDOS.NASL
    description: Two vulnerabilities have been reported in Squid, which can be exploited by malicious people to cause a denial of service.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24870
    published: 2007-03-20
    reporter: (C) 2007-2018 Shu-Ting Ou <[email protected]>
    source: https://www.tenable.com/plugins/nessus/24870
    title: Squid < 2.6.STABLE7 Multiple Remote DoS
    code:
    # Changes by Tenable:
    #   - added script_name, revised description, added script dependency
    #   - added code to only run if report paranoia is "Paranoid".
    #   - fixed regex, added report function.
    #   - updated title (6/25/09)
    #   - changed plugin family (7/6/09)
    #   - Updated to use compat.inc (11/20/2009)
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24870);
      script_version("1.18");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
    
      script_cve_id("CVE-2007-0247", "CVE-2007-0248");
      script_bugtraq_id(22079, 22203);
    
      script_name(english:"Squid < 2.6.STABLE7 Multiple Remote DoS");
      script_summary(english:"Determines squid version");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote proxy server is affected by multiple denial of service
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "Two vulnerabilities have been reported in Squid, which can be
    exploited by malicious people to cause a denial of service.");
      # http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?69b56cc5");
      script_set_attribute(attribute:"solution", value:"Upgrade to squid 2.6.STABLE7 or newer.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/03/20");
    
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:squid-cache:squid");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"(C) 2007-2020 Shu-Ting Ou <[email protected]>");
      script_family(english:"Firewalls");
    
      script_dependencies("proxy_use.nasl");
      script_require_keys("Settings/ParanoidReport");
      script_require_ports("Services/http_proxy",3128, 8080);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("http_func.inc");
    include("http_keepalive.inc");
    
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    port = get_kb_item("Services/http_proxy");
    if(!port)port = 3128;
    if(!get_port_state(port))port = 8080;
    
    if(get_port_state(port))
    {
     res = http_get_cache_ka(item:"/", port:port);
     if(res && egrep(pattern:"[Ss]quid/2\.([0-5]\.|6\.STABLE[0-6][^0-9])", string:res))
       security_warning(port);
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SA_2007_012.NASL
    description: The remote host is missing the patch for the advisory SUSE-SA:2007:012 (squid). This update fixes a remotely exploitable denial-of-service bug in squid that can be triggered by using special ftp:// URLs. (CVE-2007-0247) Additionally the 10.2 package needed a fix for another DoS bug (CVE-2007-0248) and for max_user_ip handling in ntlm_auth.
    last seen: 2019-10-28
    modified: 2007-02-18
    plugin id: 24465
    published: 2007-02-18
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24465
    title: SUSE-SA:2007:012: squid
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200701-22.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200701-22 (Squid: Multiple Denial of Service vulnerabilities) Squid fails to correctly handle ftp:// URI
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24258
    published: 2007-01-26
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24258
    title: GLSA-200701-22 : Squid: Multiple Denial of Service vulnerabilities
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2007-026.NASL
    description: A vulnerability in squid was discovered that could be remotely exploited by using a special ftp:// URL (CVE-2007-0247). Another Denial of Service vulnerability was discovered in squid 2.6 that allows remote attackers to crash the server by causing an external_acl_queue overload (CVE-2007-0248). Additionally, a bug in squid 2.6 for max_user_ip handling in ntlm_auth has been corrected. The updated packages have been patched to correct this problem.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24640
    published: 2007-02-18
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/24640
    title: Mandrake Linux Security Advisory : squid (MDKSA-2007:026)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-414-1.NASL
    description: David Duncan Ross Palmer and Henrik Nordstrom discovered that squid incorrectly handled special characters in FTP URLs. Remote users with access to squid could crash the server leading to a denial of service. (CVE-2007-0247) Erick Dantas Rotole and Henrik Nordstrom discovered that squid could end up in an endless loop when exhausted of available external ACL helpers. Remote users with access to squid could cause CPU starvation, possibly leading to a denial of service. This does not affect a default Ubuntu installation, since external ACL helpers must be configured and used. (CVE-2007-0248). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 28003
    published: 2007-11-10
    reporter: Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/28003
    title: Ubuntu 6.06 LTS / 6.10 : squid vulnerabilities (USN-414-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SQUID-2502.NASL
    description: This update fixes a remotely exploitable denial-of-service bug in squid, that can be triggered by using special ftp:// URLs. (CVE-2007-0247) The packages are not vulnerable to a bug in external ACLs. (CVE-2007-0248)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 29582
    published: 2007-12-13
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/29582
    title: SuSE 10 Security Update : squid (ZYPP Patch Number 2502)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SQUID-2504.NASL
    description: This update fixes a remotely exploitable denial-of-service bug in squid, that can be triggered by using special ftp:// URLs. (CVE-2007-0247) Additionally the 10.2 package needed a fix for another DoS bug (CVE-2007-0248) and for max_user_ip handling in ntlm_auth.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27452
    published: 2007-10-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/27452
    title: openSUSE 10 Security Update : squid (squid-2504)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE9_11402.NASL
    description: This update fixes a remotely exploitable denial-of-service bug in squid, that can be triggered by using special ftp:// URLs. (CVE-2007-0247) The packages are not vulnerable to a bug in external ACLs. (CVE-2007-0248)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41115
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41115
    title: SuSE9 Security Update : squid (YOU Patch Number 11402)

Statements

contributor: Mark J Cox
last modified: 2007-07-26
organization: Red Hat
statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. This issue did not affect the versions of Squid as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.