Vulnerabilities > CVE-2010-2951 - Unspecified vulnerability in Squid-Cache Squid 3.1.6
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family Firewalls NASL id SQUID_3_1_7.NASL description According to its banner, the version of the Squid proxy caching server installed on the remote host is 3.1.6. This version is affected by a denial of service vulnerability that is caused by an assertion failure when contacting IPv4-only DNS resolvers. Note that Nessus has relied only on the version in the proxy server last seen 2020-06-01 modified 2020-06-02 plugin id 48433 published 2010-08-25 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/48433 title Squid 3.1.6 DNS Reply Denial of Service code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(48433); script_version("1.14"); script_cvs_date("Date: 2018/11/15 20:50:22"); script_cve_id("CVE-2010-2951"); script_bugtraq_id(42645); script_name(english:"Squid 3.1.6 DNS Reply Denial of Service"); script_summary(english:"Checks version of Squid in its banner"); script_set_attribute(attribute:"synopsis", value: "The remote proxy server is affected by a denial of service vulnerability."); script_set_attribute(attribute:"description", value: "According to its banner, the version of the Squid proxy caching server installed on the remote host is 3.1.6. This version is affected by a denial of service vulnerability that is caused by an assertion failure when contacting IPv4-only DNS resolvers. Note that Nessus has relied only on the version in the proxy server's banner, which is not updated by either of the patches the project has released to address this issue. If one of those has been applied properly and the service restarted, consider this to be a false positive."); script_set_attribute(attribute:"see_also", value:"https://bugs.squid-cache.org/show_bug.cgi?id=3021"); script_set_attribute(attribute:"see_also", value:"http://www.squid-cache.org/mail-archive/squid-users/201008/0480.html"); script_set_attribute(attribute:"solution", value:"Upgrade to Squid version 3.1.7 or later"); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/08/24"); script_set_attribute(attribute:"patch_publication_date", value:"2010/08/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/25"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:squid-cache:squid"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Firewalls"); script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc."); script_dependencies("squid_version.nasl"); script_require_keys("Settings/ParanoidReport"); script_require_ports("Services/http_proxy", 3128, 8080); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); if (report_paranoia < 2) audit(AUDIT_PARANOID); # Build a list of ports from the KB list = get_kb_list("http_proxy/*/squid/version"); if (isnull(list)) exit(0, "The host does not appear to be running a Squid proxy server."); vulnerable = FALSE; foreach item (keys(list)) { port = ereg_replace(pattern:'^http_proxy/([0-9]+)/squid/version', replace:'\\1', string:item); version = list[item]; source = get_kb_item('http_proxy/'+port+'/squid/source'); if (version =~ '3\\.1\\.6([^0-9]|$)') { vulnerable = TRUE; if (report_verbosity > 0) { report = '\n Version source : ' + source + '\n Installed version : ' + version + '\n Fixed version : 3.1.7\n'; security_warning(port:port, extra:report); } else security_warning(port); } } if (!vulnerable) exit(0, "No vulnerable versions of Squid were detected on the remote host.");NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201110-24.NASL description The remote host is affected by the vulnerability described in GLSA-201110-24 (Squid: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Squid. Please review the CVE identifiers referenced below for details. Impact : Remote unauthenticated attackers may be able to execute arbitrary code with the privileges of the Squid process or cause a Denial of Service. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 56658 published 2011-10-27 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56658 title GLSA-201110-24 : Squid: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201110-24. # # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(56658); script_version("1.9"); script_cvs_date("Date: 2018/07/11 17:09:26"); script_cve_id("CVE-2009-2621", "CVE-2009-2622", "CVE-2009-2855", "CVE-2010-0308", "CVE-2010-0639", "CVE-2010-2951", "CVE-2010-3072", "CVE-2011-3205"); script_bugtraq_id(35812, 36091, 37522, 38212, 42645, 42982, 49356); script_xref(name:"GLSA", value:"201110-24"); script_name(english:"GLSA-201110-24 : Squid: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201110-24 (Squid: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Squid. Please review the CVE identifiers referenced below for details. Impact : Remote unauthenticated attackers may be able to execute arbitrary code with the privileges of the Squid process or cause a Denial of Service. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201110-24" ); script_set_attribute( attribute:"solution", value: "All squid users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-proxy/squid-3.1.15' NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 4, 2011. It is likely that your system is already no longer affected by this issue." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:squid"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2011/10/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/10/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-proxy/squid", unaffected:make_list("ge 3.1.15"), vulnerable:make_list("lt 3.1.15"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Squid"); }
References
- http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072
- http://bugs.gentoo.org/show_bug.cgi?id=334263
- http://bugs.squid-cache.org/show_bug.cgi?id=3009
- http://bugs.squid-cache.org/show_bug.cgi?id=3021
- http://marc.info/?l=squid-users&m=128263555724981&w=2
- http://www.openwall.com/lists/oss-security/2010/08/24/6
- http://www.openwall.com/lists/oss-security/2010/08/24/7
- http://www.openwall.com/lists/oss-security/2010/08/25/2
- http://www.openwall.com/lists/oss-security/2010/08/25/6
- http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10072.patch
- https://bugzilla.redhat.com/show_bug.cgi?id=626927