Vulnerabilities > CVE-2010-3072 - Denial Of Service vulnerability in Squid Proxy String Processing NULL Pointer Dereference
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'
Vulnerable Configurations
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2010-14222.NASL description - Upstream 3.1.8 bugfix release fixing SQUID-2010:3 denial of service issue. * Drop -fPIE compiler flag which resulted in inconsistent build and SELinux complaints. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 49242 published 2010-09-16 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49242 title Fedora 13 : squid-3.1.8-1.fc13 (2010-14222) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2010-14222. # include("compat.inc"); if (description) { script_id(49242); script_version("1.11"); script_cvs_date("Date: 2019/08/02 13:32:31"); script_cve_id("CVE-2010-3072"); script_bugtraq_id(42982); script_xref(name:"FEDORA", value:"2010-14222"); script_name(english:"Fedora 13 : squid-3.1.8-1.fc13 (2010-14222)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Upstream 3.1.8 bugfix release fixing SQUID-2010:3 denial of service issue. * Drop -fPIE compiler flag which resulted in inconsistent build and SELinux complaints. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=630444" ); # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/047787.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b22ce931" ); script_set_attribute(attribute:"solution", value:"Update the affected squid package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:squid"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:13"); script_set_attribute(attribute:"patch_publication_date", value:"2010/09/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^13([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 13.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC13", reference:"squid-3.1.8-1.fc13")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "squid"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2111.NASL description Phil Oester discovered that Squid-3, a fully featured Web Proxy cache, is prone to a denial of service attack via a specially crafted request that includes empty strings. last seen 2020-06-01 modified 2020-06-02 plugin id 49277 published 2010-09-20 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49277 title Debian DSA-2111-1 : squid3 - denial of service code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-2111. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(49277); script_version("1.11"); script_cvs_date("Date: 2019/08/02 13:32:23"); script_cve_id("CVE-2010-3072"); script_bugtraq_id(42982); script_xref(name:"DSA", value:"2111"); script_name(english:"Debian DSA-2111-1 : squid3 - denial of service"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Phil Oester discovered that Squid-3, a fully featured Web Proxy cache, is prone to a denial of service attack via a specially crafted request that includes empty strings." ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=596086" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2010/dsa-2111" ); script_set_attribute( attribute:"solution", value: "Upgrade the squid3 packages. For the stable distribution (lenny), this problem has been fixed in version 3.0.STABLE8-3+lenny4." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squid3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0"); script_set_attribute(attribute:"patch_publication_date", value:"2010/09/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"5.0", prefix:"squid3", reference:"3.0.STABLE8-3+lenny4")) flag++; if (deb_check(release:"5.0", prefix:"squid3-cgi", reference:"3.0.STABLE8-3+lenny4")) flag++; if (deb_check(release:"5.0", prefix:"squid3-common", reference:"3.0.STABLE8-3+lenny4")) flag++; if (deb_check(release:"5.0", prefix:"squidclient", reference:"3.0.STABLE8-3+lenny4")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-0545.NASL description An updated squid package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. It was found that string comparison functions in Squid did not properly handle the comparisons of NULL and empty strings. A remote, trusted web client could use this flaw to cause the squid daemon to crash via a specially crafted request. (CVE-2010-3072) This update also fixes the following bugs : * A small memory leak in Squid caused multiple last seen 2020-06-01 modified 2020-06-02 plugin id 54591 published 2011-05-20 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/54591 title RHEL 6 : squid (RHSA-2011:0545) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2011:0545. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(54591); script_version ("1.17"); script_cvs_date("Date: 2019/10/25 13:36:16"); script_cve_id("CVE-2010-3072"); script_bugtraq_id(42982); script_xref(name:"RHSA", value:"2011:0545"); script_name(english:"RHEL 6 : squid (RHSA-2011:0545)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An updated squid package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. It was found that string comparison functions in Squid did not properly handle the comparisons of NULL and empty strings. A remote, trusted web client could use this flaw to cause the squid daemon to crash via a specially crafted request. (CVE-2010-3072) This update also fixes the following bugs : * A small memory leak in Squid caused multiple 'ctx: enter level' messages to be logged to '/var/log/squid/cache.log'. This update resolves the memory leak. (BZ#666533) * This erratum upgrades Squid to upstream version 3.1.10. This upgraded version supports the Google Instant service and introduces various code improvements. (BZ#639365) Users of squid should upgrade to this updated package, which resolves these issues. After installing this update, the squid service will be restarted automatically." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-3072" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2011:0545" ); script_set_attribute( attribute:"solution", value:"Update the affected squid and / or squid-debuginfo packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:squid"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:squid-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/09/20"); script_set_attribute(attribute:"patch_publication_date", value:"2011/05/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2011:0545"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"squid-3.1.10-1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"squid-3.1.10-1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"squid-3.1.10-1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"squid-debuginfo-3.1.10-1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"squid-debuginfo-3.1.10-1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"squid-debuginfo-3.1.10-1.el6")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "squid / squid-debuginfo"); } }NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-187.NASL description A vulnerability has been found and corrected in squid : The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request (CVE-2010-3072). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90 The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 49654 published 2010-09-23 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49654 title Mandriva Linux Security Advisory : squid (MDVSA-2010:187) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2010:187. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(49654); script_version("1.12"); script_cvs_date("Date: 2019/08/02 13:32:53"); script_cve_id("CVE-2010-3072"); script_bugtraq_id(42982); script_xref(name:"MDVSA", value:"2010:187"); script_name(english:"Mandriva Linux Security Advisory : squid (MDVSA-2010:187)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A vulnerability has been found and corrected in squid : The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request (CVE-2010-3072). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90 The updated packages have been patched to correct this issue." ); script_set_attribute( attribute:"solution", value:"Update the affected squid and / or squid-cachemgr packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:squid"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:squid-cachemgr"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1"); script_set_attribute(attribute:"patch_publication_date", value:"2010/09/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2009.0", reference:"squid-3.0-22.4mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"squid-cachemgr-3.0-22.4mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"squid-3.0-22.4mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"squid-cachemgr-3.0-22.4mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"squid-3.0-22.4mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"squid-cachemgr-3.0-22.4mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"squid-3.1-14.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"squid-cachemgr-3.1-14.1mdv2010.1", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_11_1_SQUID3-101014.NASL description A remote trusted client can cause a NULL pointer dereference within squid to make it crash. (CVE-2010-3072: CVSS v2 Base Score: 5.0) last seen 2020-06-01 modified 2020-06-02 plugin id 50014 published 2010-10-18 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50014 title openSUSE Security Update : squid3 (openSUSE-SU-2010:0727-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update squid3-3328. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(50014); script_version("1.6"); script_cvs_date("Date: 2019/10/25 13:36:38"); script_cve_id("CVE-2010-3072"); script_name(english:"openSUSE Security Update : squid3 (openSUSE-SU-2010:0727-1)"); script_summary(english:"Check for the squid3-3328 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "A remote trusted client can cause a NULL pointer dereference within squid to make it crash. (CVE-2010-3072: CVSS v2 Base Score: 5.0)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=637287" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2010-10/msg00016.html" ); script_set_attribute( attribute:"solution", value:"Update the affected squid3 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:squid3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1"); script_set_attribute(attribute:"patch_publication_date", value:"2010/10/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.1", reference:"squid3-3.0.STABLE10-2.14.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "squid"); }NASL family SuSE Local Security Checks NASL id SUSE_11_3_SQUID3-101014.NASL description A remote trusted client can cause a NULL pointer dereference within squid to make it crash. (CVE-2010-3072: CVSS v2 Base Score: 5.0) last seen 2020-06-01 modified 2020-06-02 plugin id 75746 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75746 title openSUSE Security Update : squid3 (openSUSE-SU-2010:0727-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update squid3-3328. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75746); script_version("1.4"); script_cvs_date("Date: 2019/10/25 13:36:39"); script_cve_id("CVE-2010-3072"); script_name(english:"openSUSE Security Update : squid3 (openSUSE-SU-2010:0727-1)"); script_summary(english:"Check for the squid3-3328 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "A remote trusted client can cause a NULL pointer dereference within squid to make it crash. (CVE-2010-3072: CVSS v2 Base Score: 5.0)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=637287" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2010-10/msg00016.html" ); script_set_attribute( attribute:"solution", value:"Update the affected squid3 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:squid3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3"); script_set_attribute(attribute:"patch_publication_date", value:"2010/10/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.3", reference:"squid3-3.0.STABLE25-2.1.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "squid"); }NASL family Scientific Linux Local Security Checks NASL id SL_20110519_SQUID_ON_SL6_X.NASL description Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. It was found that string comparison functions in Squid did not properly handle the comparisons of NULL and empty strings. A remote, trusted web client could use this flaw to cause the squid daemon to crash via a specially crafted request. (CVE-2010-3072) This update also fixes the following bugs : - A small memory leak in Squid caused multiple last seen 2020-06-01 modified 2020-06-02 plugin id 61048 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61048 title Scientific Linux Security Update : squid on SL6.x i386/x86_64 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(61048); script_version("1.5"); script_cvs_date("Date: 2019/10/25 13:36:19"); script_cve_id("CVE-2010-3072"); script_name(english:"Scientific Linux Security Update : squid on SL6.x i386/x86_64"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. It was found that string comparison functions in Squid did not properly handle the comparisons of NULL and empty strings. A remote, trusted web client could use this flaw to cause the squid daemon to crash via a specially crafted request. (CVE-2010-3072) This update also fixes the following bugs : - A small memory leak in Squid caused multiple 'ctx: enter level' messages to be logged to '/var/log/squid/cache.log'. This update resolves the memory leak. (BZ#666533) - This erratum upgrades Squid to upstream version 3.1.10. This upgraded version supports the Google Instant service and introduces various code improvements. (BZ#639365) Users of squid should upgrade to this updated package, which resolves these issues. After installing this update, the squid service will be restarted automatically." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=639365" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=666533" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1106&L=scientific-linux-errata&T=0&P=545 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4c37de8e" ); script_set_attribute( attribute:"solution", value:"Update the affected squid and / or squid-debuginfo packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2011/05/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL6", reference:"squid-3.1.10-1.el6")) flag++; if (rpm_check(release:"SL6", reference:"squid-debuginfo-3.1.10-1.el6")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201110-24.NASL description The remote host is affected by the vulnerability described in GLSA-201110-24 (Squid: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Squid. Please review the CVE identifiers referenced below for details. Impact : Remote unauthenticated attackers may be able to execute arbitrary code with the privileges of the Squid process or cause a Denial of Service. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 56658 published 2011-10-27 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56658 title GLSA-201110-24 : Squid: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201110-24. # # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(56658); script_version("1.9"); script_cvs_date("Date: 2018/07/11 17:09:26"); script_cve_id("CVE-2009-2621", "CVE-2009-2622", "CVE-2009-2855", "CVE-2010-0308", "CVE-2010-0639", "CVE-2010-2951", "CVE-2010-3072", "CVE-2011-3205"); script_bugtraq_id(35812, 36091, 37522, 38212, 42645, 42982, 49356); script_xref(name:"GLSA", value:"201110-24"); script_name(english:"GLSA-201110-24 : Squid: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201110-24 (Squid: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Squid. Please review the CVE identifiers referenced below for details. Impact : Remote unauthenticated attackers may be able to execute arbitrary code with the privileges of the Squid process or cause a Denial of Service. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201110-24" ); script_set_attribute( attribute:"solution", value: "All squid users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-proxy/squid-3.1.15' NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 4, 2011. It is likely that your system is already no longer affected by this issue." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:squid"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2011/10/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/10/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-proxy/squid", unaffected:make_list("ge 3.1.15"), vulnerable:make_list("lt 3.1.15"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Squid"); }NASL family Firewalls NASL id SQUID_3_1_8.NASL description According to its banner, the version of Squid is 3.x earlier than than 3.1.8, or 3.2.x earlier than 3.2.0.2. Such versions are potentially affected by a denial of service vulnerability caused by an internal error in string handling. A remote attacker, exploiting this flaw, could crash the affected service. Note that Nessus has relied only on the version in the proxy server last seen 2020-06-01 modified 2020-06-02 plugin id 49693 published 2010-09-28 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49693 title Squid < 3.1.8 / 3.2.0.2 NULL Pointer Dereference Denial of Service NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_E4DAC715C81811DFA92C0015587E2CC1.NASL description Squid security advisory 2010:3 reports : Due to an internal error in string handling Squid is vulnerable to a denial of service attack when processing specially crafted requests. This problem allows any trusted client to perform a denial of service attack on the Squid service. last seen 2020-06-01 modified 2020-06-02 plugin id 49687 published 2010-09-27 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49687 title FreeBSD : squid -- Denial of service vulnerability in request handling (e4dac715-c818-11df-a92c-0015587e2cc1) NASL family Fedora Local Security Checks NASL id FEDORA_2010-14236.NASL description - Upstream 3.1.8 bugfix release fixing SQUID-2010:3 denial of service issue. * Drop -fPIE compiler flag which resulted in inconsistent build and SELinux complaints. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 49243 published 2010-09-16 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49243 title Fedora 12 : squid-3.1.8-1.fc12 (2010-14236) NASL family SuSE Local Security Checks NASL id SUSE_11_2_SQUID3-101014.NASL description A remote trusted client can cause a NULL pointer dereference within squid to make it crash. (CVE-2010-3072: CVSS v2 Base Score: 5.0) last seen 2020-06-01 modified 2020-06-02 plugin id 50020 published 2010-10-18 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50020 title openSUSE Security Update : squid3 (openSUSE-SU-2010:0727-1)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047787.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047820.html
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
- http://secunia.com/advisories/41298
- http://secunia.com/advisories/41477
- http://secunia.com/advisories/41534
- http://www.debian.org/security/2010/dsa-2111
- http://www.openwall.com/lists/oss-security/2010/09/05/2
- http://www.openwall.com/lists/oss-security/2010/09/07/7
- http://www.securityfocus.com/bid/42982
- http://www.squid-cache.org/Advisories/SQUID-2010_3.txt
- http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9189.patch
- http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10090.patch
- http://www.vupen.com/english/advisories/2010/2433
- https://bugzilla.redhat.com/show_bug.cgi?id=630444