CVE-2007-1560 - Remote Denial of Service vulnerability in Squid Proxy TRACE Request

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL

Summary

The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error.

Nessus

  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2007-0131.NASL
    description: From Red Hat Security Advisory 2007:0131 : An updated squid package that fixes a security vulnerability is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. A denial of service flaw was found in the way Squid processed the TRACE request method. It was possible for an attacker behind the Squid proxy to issue a malformed TRACE request, crashing the Squid daemon child process. As long as these requests were sent, it would prevent legitimate usage of the proxy server. (CVE-2007-1560) This flaw does not affect the version of Squid shipped in Red Hat Enterprise Linux 2.1, 3, or 4. Users of Squid should upgrade to this updated package, which contains a backported patch and is not vulnerable to this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67467
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67467
    title: Oracle Linux 5 : squid (ELSA-2007-0131)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2007:0131 and 
    # Oracle Linux Security Advisory ELSA-2007-0131 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67467);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/25 13:36:06");
    
      script_cve_id("CVE-2007-1560");
      script_xref(name:"RHSA", value:"2007:0131");
    
      script_name(english:"Oracle Linux 5 : squid (ELSA-2007-0131)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2007:0131 :
    
    An updated squid package that fixes a security vulnerability is now
    available for Red Hat Enterprise Linux 5.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    Squid is a high-performance proxy caching server for Web clients,
    supporting FTP, gopher, and HTTP data objects.
    
    A denial of service flaw was found in the way Squid processed the
    TRACE request method. It was possible for an attacker behind the Squid
    proxy to issue a malformed TRACE request, crashing the Squid daemon
    child process. As long as these requests were sent, it would prevent
    legitimate usage of the proxy server. (CVE-2007-1560)
    
    This flaw does not affect the version of Squid shipped in Red Hat
    Enterprise Linux 2.1, 3, or 4.
    
    Users of Squid should upgrade to this updated package, which contains
    a backported patch and is not vulnerable to this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2007-June/000233.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected squid package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:squid");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/06/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL5", reference:"squid-2.6.STABLE6-4.el5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "squid");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2007-0131.NASL
    description: An updated squid package that fixes a security vulnerability is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. A denial of service flaw was found in the way Squid processed the TRACE request method. It was possible for an attacker behind the Squid proxy to issue a malformed TRACE request, crashing the Squid daemon child process. As long as these requests were sent, it would prevent legitimate usage of the proxy server. (CVE-2007-1560) This flaw does not affect the version of Squid shipped in Red Hat Enterprise Linux 2.1, 3, or 4. Users of Squid should upgrade to this updated package, which contains a backported patch and is not vulnerable to this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25323
    published: 2007-05-25
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/25323
    title: RHEL 5 : squid (RHSA-2007:0131)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2007:0131. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(25323);
      script_version ("1.21");
      script_cvs_date("Date: 2019/10/25 13:36:12");
    
      script_cve_id("CVE-2007-1560");
      script_xref(name:"RHSA", value:"2007:0131");
    
      script_name(english:"RHEL 5 : squid (RHSA-2007:0131)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An updated squid package that fixes a security vulnerability is now
    available for Red Hat Enterprise Linux 5.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    Squid is a high-performance proxy caching server for Web clients,
    supporting FTP, gopher, and HTTP data objects.
    
    A denial of service flaw was found in the way Squid processed the
    TRACE request method. It was possible for an attacker behind the Squid
    proxy to issue a malformed TRACE request, crashing the Squid daemon
    child process. As long as these requests were sent, it would prevent
    legitimate usage of the proxy server. (CVE-2007-1560)
    
    This flaw does not affect the version of Squid shipped in Red Hat
    Enterprise Linux 2.1, 3, or 4.
    
    Users of Squid should upgrade to this updated package, which contains
    a backported patch and is not vulnerable to this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-1560"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2007:0131"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected squid package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:squid");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/04/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/05/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2007:0131";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"squid-2.6.STABLE6-4.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"squid-2.6.STABLE6-4.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"squid-2.6.STABLE6-4.el5")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "squid");
      }
    }
    
  • NASL family: Firewalls
    NASL id: SQUID_2612.NASL
    description: A vulnerability in TRACE request processing has been reported in Squid, which can be exploited by malicious people to cause a denial of service.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24873
    published: 2007-03-23
    reporter: This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24873
    title: Squid < 2.6.STABLE12 src/client_side.c clientProcessRequest() function TRACE Request DoS
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2007-068.NASL
    description: Due to an internal error Squid-2.6 is vulnerable to a denial of service attack when processing the TRACE request method. This problem allows any client trusted to use the service to perform a denial of service attack on the Squid service. Updated packages have been patched to address this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24894
    published: 2007-03-26
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24894
    title: Mandrake Linux Security Advisory : squid (MDKSA-2007:068)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-441-1.NASL
    description: A flaw was discovered in Squid
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 28038
    published: 2007-11-10
    reporter: Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/28038
    title: Ubuntu 6.10 : squid vulnerability (USN-441-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SQUID-3036.NASL
    description: This update fixes a remote denial of service problem in Squid 2.6 (CVE-2007-1560). Other Squid versions are not affected.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27453
    published: 2007-10-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/27453
    title: openSUSE 10 Security Update : squid (squid-3036)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_C27BC173D7AA11DBB1410016179B2DD5.NASL
    description: Squid advisory 2007:1 notes : Due to an internal error Squid-2.6 is vulnerable to a denial of service attack when processing the TRACE request method. Workarounds : To work around the problem deny access to using the TRACE method by inserting the following two lines before your first http_access rule.
        acl TRACE method TRACE
        http_access deny TRACE
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24886
    published: 2007-03-26
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/24886
    title: FreeBSD : Squid -- TRACE method handling denial of service (c27bc173-d7aa-11db-b141-0016179b2dd5)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200703-27.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200703-27 (Squid: Denial of Service) Squid incorrectly handles TRACE requests that contain a
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24932
    published: 2007-04-05
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24932
    title: GLSA-200703-27 : Squid: Denial of Service

Oval

accepted: 2013-04-29T04:04:21.456-04:00
class: vulnerability
contributors
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 5
    oval: oval:org.mitre.oval:def:11414
  • comment: The operating system installed on the system is CentOS Linux 5.x
    oval: oval:org.mitre.oval:def:15802
  • comment: Oracle Linux 5.x
    oval: oval:org.mitre.oval:def:15459
description: The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error.
family: unix
id: oval:org.mitre.oval:def:10291
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error.
version: 18

Redhat

advisories
bugzilla
id: 233253
title: CVE-2007-1560 Squid TRACE DoS
oval
OR
  • comment: Red Hat Enterprise Linux must be installed
    oval: oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment: Red Hat Enterprise Linux 5 is installed
      oval: oval:com.redhat.rhba:tst:20070331005
    • comment: squid is earlier than 7:2.6.STABLE6-4.el5
      oval: oval:com.redhat.rhsa:tst:20070131001
    • comment: squid is signed with Red Hat redhatrelease key
      oval: oval:com.redhat.rhsa:tst:20070131002
rhsa
id: RHSA-2007:0131
released: 2007-04-03
severity: Moderate
title: RHSA-2007:0131: squid security update (Moderate)
rpms
  • squid-7:2.6.STABLE6-4.el5
  • squid-debuginfo-7:2.6.STABLE6-4.el5