Vulnerabilities > CVE-2011-4096 - Resource Management Errors vulnerability in Squid-Cache Squid
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2011-193.NASL description A vulnerability has been discovered and corrected in squid : The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record (CVE-2011-4096). The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 61941 published 2012-09-06 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61941 title Mandriva Linux Security Advisory : squid (MDVSA-2011:193) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2011-1791.NASL description An updated squid package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. An input validation flaw was found in the way Squid calculated the total number of resource records in the answer section of multiple name server responses. An attacker could use this flaw to cause Squid to crash. (CVE-2011-4096) Users of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 57376 published 2011-12-23 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57376 title CentOS 6 : squid (CESA-2011:1791) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-1996-1.NASL description This update for squid3 fixes the following issues : - Multiple issues in pinger ICMP processing. (CVE-2014-7141, CVE-2014-7142) - CVE-2016-3947: Buffer overrun issue in pinger ICMPv6 processing. (bsc#973782) - CVE-2016-4554: fix header smuggling issue in HTTP Request processing (bsc#979010) - fix multiple Denial of Service issues in HTTP Response processing. (CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, bsc#968392, bsc#968393, bsc#968394, bsc#968395) - CVE-2016-3948: Fix denial of service in HTTP Response processing (bsc#973783) - CVE-2016-4051: fixes buffer overflow in cachemgr.cgi (bsc#976553) - CVE-2016-4052, CVE-2016-4053, CVE-2016-4054 : - fixes multiple issues in ESI processing (bsc#976556) - CVE-2016-4556: fixes double free vulnerability in Esi.cc (bsc#979008) - CVE-2015-5400: Improper Protection of Alternate Path (bsc#938715) - CVE-2014-6270: fix off-by-one in snmp subsystem (bsc#895773) - Memory leak in squid3 when using external_acl (bsc#976708) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 93271 published 2016-09-02 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93271 title SUSE SLES11 Security Update : squid3 (SUSE-SU-2016:1996-1) NASL family Fedora Local Security Checks NASL id FEDORA_2011-15233.NASL description Upstream bugfix update fixing invalid free on certain DNS responses Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56863 published 2011-11-18 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56863 title Fedora 15 : squid-3.1.16-1.fc15 (2011-15233) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2011-1791.NASL description From Red Hat Security Advisory 2011:1791 : An updated squid package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. An input validation flaw was found in the way Squid calculated the total number of resource records in the answer section of multiple name server responses. An attacker could use this flaw to cause Squid to crash. (CVE-2011-4096) Users of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 68401 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68401 title Oracle Linux 6 : squid (ELSA-2011-1791) NASL family Fedora Local Security Checks NASL id FEDORA_2011-15256.NASL description Upstream bugfix release fixing invalid free on certain DNS responses Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56864 published 2011-11-18 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56864 title Fedora 14 : squid-3.1.16-1.fc14 (2011-15256) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-1791.NASL description An updated squid package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. An input validation flaw was found in the way Squid calculated the total number of resource records in the answer section of multiple name server responses. An attacker could use this flaw to cause Squid to crash. (CVE-2011-4096) Users of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 57037 published 2011-12-07 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57037 title RHEL 6 : squid (RHSA-2011:1791) NASL family SuSE Local Security Checks NASL id SUSE_11_4_SQUID3-111222.NASL description This update fixes the following security issue : - 727492: Invalid free by processing CNAME (CVE-2011-4096) This update also fixes the following non-security issue : - 737905: installation creates empty spurious file last seen 2020-06-01 modified 2020-06-02 plugin id 76031 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76031 title openSUSE Security Update : squid3 (openSUSE-SU-2012:0213-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2381.NASL description It was discovered that the IPv6 support code in Squid does not properly handle certain DNS responses, resulting in deallocation of an invalid pointer and a daemon crash. The squid package and the version of Squid 3 shipped in lenny lack IPv6 support and are not affected by this issue. last seen 2020-03-17 modified 2012-01-12 plugin id 57521 published 2012-01-12 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57521 title Debian DSA-2381-1 : squid3 - invalid memory deallocation NASL family Firewalls NASL id SQUID_3_1_16.NASL description According to its banner, the version of Squid is 3.1.x earlier than than 3.1.16 or 3.2.x earlier than 3.2.0.13. Such versions are affected by a denial of service vulnerability. The application does not properly free memory when handling DNS replies containing a CNAME record that references another CNAME record that contains an empty A record. Note that Nessus has relied only on the version in the proxy server last seen 2020-06-01 modified 2020-06-02 plugin id 57287 published 2011-12-14 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57287 title Squid 3.1.x < 3.1.16 / 3.2.x < 3.2.0.13 DNS Replies CName Record Parsing Remote DoS NASL family Scientific Linux Local Security Checks NASL id SL_20111206_SQUID_ON_SL6_X.NASL description Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. An input validation flaw was found in the way Squid calculated the total number of resource records in the answer section of multiple name server responses. An attacker could use this flaw to cause Squid to crash. (CVE-2011-4096) Users of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 61199 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61199 title Scientific Linux Security Update : squid on SL6.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_11_SQUID3-111222.NASL description This update fixes the following security issue : - 727492: Invalid free by processing CNAME (CVE-2011-4096) It also fixes the following non-security issue : - 737905: installation creates empty spurious file last seen 2020-06-01 modified 2020-06-02 plugin id 57727 published 2012-01-30 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57727 title SuSE 11.1 Security Update : squid3 (SAT Patch Number 5583) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-2089-1.NASL description This update for squid3 fixes the following issues : - Multiple issues in pinger ICMP processing. (CVE-2014-7141, CVE-2014-7142) - CVE-2016-3947: Buffer overrun issue in pinger ICMPv6 processing. (bsc#973782) - CVE-2016-4554: fix header smuggling issue in HTTP Request processing (bsc#979010) - Fix multiple Denial of Service issues in HTTP Response processing. (CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, bsc#968392, bsc#968393, bsc#968394, bsc#968395) - Regression caused by the DoS fixes above (bsc#993299) - CVE-2016-3948: Fix denial of service in HTTP Response processing (bsc#973783) - CVE-2016-4051: fixes buffer overflow in cachemgr.cgi (bsc#976553) - CVE-2016-4052, CVE-2016-4053, CVE-2016-4054 : - fixes multiple issues in ESI processing (bsc#976556) - CVE-2016-4556: fixes double free vulnerability in Esi.cc (bsc#979008) - CVE-2015-5400: Improper Protection of Alternate Path (bsc#938715) - CVE-2014-6270: fix off-by-one in snmp subsystem (bsc#895773) - Memory leak in squid3 when using external_acl (bsc#976708) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 93294 published 2016-09-02 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93294 title SUSE SLES11 Security Update : squid3 (SUSE-SU-2016:2089-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201309-22.NASL description The remote host is affected by the vulnerability described in GLSA-201309-22 (Squid: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Squid. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to bypass ACL restrictions or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 70182 published 2013-09-28 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70182 title GLSA-201309-22 : Squid: Multiple vulnerabilities
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://bugs.squid-cache.org/show_bug.cgi?id=3237#c12
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
- http://secunia.com/advisories/46609
- http://secunia.com/advisories/47459
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:193
- http://www.openwall.com/lists/oss-security/2011/10/31/5
- http://www.openwall.com/lists/oss-security/2011/11/01/3
- http://www.redhat.com/support/errata/RHSA-2011-1791.html
- http://www.securitytracker.com/id?1026265
- http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_16.html