CVE-2018-1000027 - NULL Pointer Dereference vulnerability in multiple products
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
Summary
The Squid Software Foundation Squid HTTP Caching Proxy, in versions prior to 4.0.23, contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appears to be exploitable via a remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
- NASL family: SuSE Local Security Checks
  NASL id: SUSE_SU-2018-0636-1.NASL
  description: This update for squid fixes the following issues. Security issues fixed:
    - CVE-2018-1000024: DoS fix caused by incorrect pointer handling when processing ESI responses. This affects the default custom esi_parser (bsc#1077003).
    - CVE-2018-1000027: DoS fix caused by incorrect pointer handling when processing ESI responses or downloading intermediate CA certificates (bsc#1077006).
    Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 107252
  published: 2018-03-09
  reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/107252
  title: SUSE SLES12 Security Update : squid (SUSE-SU-2018:0636-1)

- NASL family: Scientific Linux Local Security Checks
  NASL id: SL_20200407_SQUID_ON_SL7_X.NASL
  description:
    - squid: Incorrect pointer handling when processing ESI Responses can lead to denial of service
    - squid: Incorrect pointer handling in HTTP processing and certificate download can lead to denial of service
    - squid: XSS via user_name or auth parameter in cachemgr.cgi
  last seen: 2020-04-30
  modified: 2020-04-21
  plugin id: 135837
  published: 2020-04-21
  reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/135837
  title: Scientific Linux Security Update : squid on SL7.x x86_64 (20200407)

- NASL family: CentOS Local Security Checks
  NASL id: CENTOS_RHSA-2020-1068.NASL
  description: The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1068 advisory.
    - squid: Incorrect pointer handling when processing ESI Responses can lead to denial of service (CVE-2018-1000024)
    - squid: Incorrect pointer handling in HTTP processing and certificate download can lead to denial of service (CVE-2018-1000027)
    - squid: XSS via user_name or auth parameter in cachemgr.cgi (CVE-2019-13345)
    Note that Nessus has not tested for this issue but has instead relied only on the application
  last seen: 2020-06-06
  modified: 2020-04-10
  plugin id: 135330
  published: 2020-04-10
  reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/135330
  title: CentOS 7 : squid (CESA-2020:1068)

- NASL family: Debian Local Security Checks
  NASL id: DEBIAN_DSA-4122.NASL
  description: Several vulnerabilities have been discovered in Squid3, a fully featured web proxy cache. The Common Vulnerabilities and Exposures project identifies the following issues:
    - CVE-2018-1000024: Louis Dion-Marcil discovered that Squid does not properly handle processing of certain ESI responses. A remote server delivering certain ESI response syntax can take advantage of this flaw to cause a denial of service for all clients accessing the Squid service. This problem is limited to the Squid custom ESI parser.
    - CVE-2018-1000027: Louis Dion-Marcil discovered that Squid is prone to a denial of service vulnerability when processing ESI responses or downloading intermediate CA certificates. A remote attacker can take advantage of this flaw to cause a denial of service for all clients accessing the Squid service.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 106957
  published: 2018-02-23
  reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/106957
  title: Debian DSA-4122-1 : squid3 - security update

- NASL family: SuSE Local Security Checks
  NASL id: OPENSUSE-2018-238.NASL
  description: This update for squid fixes the following issues. Security issues fixed:
    - CVE-2018-1000024: DoS fix caused by incorrect pointer handling when processing ESI responses. This affects the default custom esi_parser (bsc#1077003).
    - CVE-2018-1000027: DoS fix caused by incorrect pointer handling when processing ESI responses or downloading intermediate CA certificates (bsc#1077006).
    This update was imported from the SUSE:SLE-12-SP2:Update update project.
  last seen: 2020-06-05
  modified: 2018-03-09
  plugin id: 107245
  published: 2018-03-09
  reporter: This script is Copyright (C) 2018-2020 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/107245
  title: openSUSE Security Update : squid (openSUSE-2018-238)

- NASL family: Debian Local Security Checks
  NASL id: DEBIAN_DLA-1266.NASL
  description: Squid, a high-performance proxy caching server for web clients, has been found vulnerable to denial of service attacks associated with ESI response processing and intermediate CA certificate downloading.
    - CVE-2018-1000024: Incorrect pointer handling resulted in the ability of a remote server to return a crafted ESI response which could trigger a denial of service for all clients accessing the Squid service. This issue affects the Squid custom ESI parser.
    - CVE-2018-1000027: Incorrect pointer handling resulted in the possibility of a remote client delivering certain HTTP requests in conjunction with certain trusted server responses involving the processing of ESI responses or downloading of intermediate CA certificates to trigger a denial of service for all clients accessing the squid service.
    For Debian 7
  last seen: 2020-03-17
  modified: 2018-02-05
  plugin id: 106589
  published: 2018-02-05
  reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/106589
  title: Debian DLA-1266-1 : squid3 security update

- NASL family: Debian Local Security Checks
  NASL id: DEBIAN_DLA-1267.NASL
  description: Squid, a high-performance proxy caching server for web clients, has been found vulnerable to denial of service attacks associated with ESI response processing and intermediate CA certificate downloading.
    - CVE-2018-1000027: Incorrect pointer handling resulted in the possibility of a remote client delivering certain HTTP requests in conjunction with certain trusted server responses involving the processing of ESI responses or downloading of intermediate CA certificates to trigger a denial of service for all clients accessing the squid service.
    For Debian 7
  last seen: 2020-03-17
  modified: 2018-02-05
  plugin id: 106590
  published: 2018-02-05
  reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/106590
  title: Debian DLA-1267-1 : squid security update

- NASL family: SuSE Local Security Checks
  NASL id: SUSE_SU-2018-0752-1.NASL
  description: This update for squid3 fixes the following issues. Security issues fixed:
    - CVE-2018-1000024: DoS fix caused by incorrect pointer handling when processing ESI responses. This affects the default custom esi_parser (bsc#1077003).
    - CVE-2018-1000027: DoS fix caused by incorrect pointer handling when processing ESI responses or downloading intermediate CA certificates (bsc#1077006).
    Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 108528
  published: 2018-03-22
  reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/108528
  title: SUSE SLES11 Security Update : squid3 (SUSE-SU-2018:0752-1)

- NASL family: Firewalls
  NASL id: SQUID_2018_2.NASL
  description: According to its banner, the version of Squid running on the remote host is 3.x prior to 3.5.28, or 4.x prior to 4.0.23. It is, therefore, affected by multiple vulnerabilities:
    - A denial of service (DoS) vulnerability exists in the ESI response processing component due to incorrect pointer handling. A remote attacker controlled server can exploit this issue, via a crafted ESI response, to cause a denial of service for all clients accessing the Squid service (CVE-2018-1000024)
    - A denial of service (DoS) vulnerability exists in the HTTP message processing component due to incorrect pointer handling. An unauthenticated remote attacker can exploit this issue, via a crafted HTTP request, to cause a denial of service for all clients accessing the Squid service (CVE-2018-1000027)
    Note that Nessus has not tested for this issue but has instead relied only on the application
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 119724
  published: 2018-12-17
  reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/119724
  title: Squid 3.x < 3.5.28 / 4.x < 4.0.23 Multiple Denial of Service Vulnerabilities (SQUID-2018:1) (SQUID-2018:2)

- NASL family: Amazon Linux Local Security Checks
  NASL id: ALA_ALAS-2018-1081.NASL
  description:
    - The Squid Software Foundation Squid HTTP Caching Proxy contains a NULL pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appears to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. (CVE-2018-1000027)
    - The Squid Software Foundation Squid HTTP Caching Proxy contains an Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy. This attack appears to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax. (CVE-2018-1000024)
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 117605
  published: 2018-09-20
  reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/117605
  title: Amazon Linux AMI : squid (ALAS-2018-1081)

- NASL family: Huawei Local Security Checks
  NASL id: EULEROS_SA-2018-1075.NASL
  description: According to the versions of the squid packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
    - The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains an Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy. This attack appears to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax. (CVE-2018-1000024)
    - The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appears to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. (CVE-2018-1000027)
    Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-05-06
  modified: 2018-05-02
  plugin id: 109473
  published: 2018-05-02
  reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/109473
  title: EulerOS 2.0 SP2 : squid (EulerOS-SA-2018-1075)

- NASL family: Red Hat Local Security Checks
  NASL id: REDHAT-RHSA-2020-1068.NASL
  description: The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1068 advisory.
    - squid: Incorrect pointer handling when processing ESI Responses can lead to denial of service (CVE-2018-1000024)
    - squid: Incorrect pointer handling in HTTP processing and certificate download can lead to denial of service (CVE-2018-1000027)
    - squid: XSS via user_name or auth parameter in cachemgr.cgi (CVE-2019-13345)
    Note that Nessus has not tested for this issue but has instead relied only on the application
  last seen: 2020-04-23
  modified: 2020-04-01
  plugin id: 135061
  published: 2020-04-01
  reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/135061
  title: RHEL 7 : squid (RHSA-2020:1068)

- NASL family: FreeBSD Local Security Checks
  NASL id: FREEBSD_PKG_D5B6D151188711E894F79C5C8E75236A.NASL
  description: Louis Dion-Marcil reports:
    Due to incorrect pointer handling Squid is vulnerable to denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ESI response syntax to trigger a denial of service for all clients accessing the Squid service. Due to unrelated changes Squid-3.5 has become vulnerable to some regular ESI server responses also triggering this issue. This problem is limited to the Squid custom ESI parser. Squid built to use libxml2 or libexpat XML parsers do not have this problem.
    Due to incorrect pointer handling Squid is vulnerable to denial of service attack when processing ESI responses or downloading intermediate CA certificates. This problem allows a remote client delivering certain HTTP requests in conjunction with certain trusted server responses to trigger a denial of service for all clients accessing the Squid service.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 106995
  published: 2018-02-26
  reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/106995
  title: FreeBSD : squid -- Vulnerable to Denial of Service attack (d5b6d151-1887-11e8-94f7-9c5c8e75236a)

- NASL family: Huawei Local Security Checks
  NASL id: EULEROS_SA-2018-1074.NASL
  description: According to the versions of the squid packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
    - The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains an Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy. This attack appears to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax. (CVE-2018-1000024)
    - The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appears to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. (CVE-2018-1000027)
    Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-05-06
  modified: 2018-05-02
  plugin id: 109472
  published: 2018-05-02
  reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/109472
  title: EulerOS 2.0 SP1 : squid (EulerOS-SA-2018-1074)

- NASL family: Ubuntu Local Security Checks
  NASL id: UBUNTU_USN-3557-1.NASL
  description:
    - Mathias Fischer discovered that Squid incorrectly handled certain long strings in headers. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2569)
    - William Lima discovered that Squid incorrectly handled XML parsing when processing Edge Side Includes (ESI). A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2570)
    - Alex Rousskov discovered that Squid incorrectly handled response-parsing failures. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-2571)
    - Santiago Ruano Rincon discovered that Squid incorrectly handled certain Vary headers. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2016-3948)
    - Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. (CVE-2018-1000024)
    - Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. (CVE-2018-1000027)
    Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 106619
  published: 2018-02-06
  reporter: Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/106619
  title: Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : squid3 vulnerabilities (USN-3557-1)
References
- http://www.squid-cache.org/Advisories/SQUID-2018_2.txt
- http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch
- http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch
- https://github.com/squid-cache/squid/pull/129/files
- https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html
- https://lists.debian.org/debian-lts-announce/2018/02/msg00002.html
- https://usn.ubuntu.com/3557-1/
- https://usn.ubuntu.com/4059-2/
- https://www.debian.org/security/2018/dsa-4122