CVE-2018-1000027 - NULL Pointer Dereference vulnerability in multiple products

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
Tags: network, low complexity, squid-cache, debian, canonical, CWE-476, nessus

Summary

The Squid Software Foundation Squid HTTP Caching Proxy versions prior to 4.0.23 contain a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. The attack appears to be exploitable via a remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. The vulnerability appears to have been fixed in 4.0.23 and later.

Vulnerable Configurations

Part         Description   Count
Application  Squid-Cache   237
OS           Debian        3
OS           Canonical     3

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2018-0636-1.NASL
    description: This update for squid fixes the following issues: Security issues fixed : - CVE-2018-1000024: DoS fix caused by incorrect pointer handling when processing ESI responses. This affects the default custom esi_parser (bsc#1077003). - CVE-2018-1000027: DoS fix caused by incorrect pointer handling when processing ESI responses or downloading intermediate CA certificates (bsc#1077006). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 107252
    published: 2018-03-09
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107252
    title: SUSE SLES12 Security Update : squid (SUSE-SU-2018:0636-1)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20200407_SQUID_ON_SL7_X.NASL
    description: * squid: Incorrect pointer handling when processing ESI Responses can lead to denial of service * squid: Incorrect pointer handling in HTTP processing and certificate download can lead to denial of service * squid: XSS via user_name or auth parameter in cachemgr.cgi
    last seen: 2020-04-30
    modified: 2020-04-21
    plugin id: 135837
    published: 2020-04-21
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/135837
    title: Scientific Linux Security Update : squid on SL7.x x86_64 (20200407)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2020-1068.NASL
    description: The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1068 advisory. - squid: Incorrect pointer handling when processing ESI Responses can lead to denial of service (CVE-2018-1000024) - squid: Incorrect pointer handling in HTTP processing and certificate download can lead to denial of service (CVE-2018-1000027) - squid: XSS via user_name or auth parameter in cachemgr.cgi (CVE-2019-13345) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-06
    modified: 2020-04-10
    plugin id: 135330
    published: 2020-04-10
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/135330
    title: CentOS 7 : squid (CESA-2020:1068)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-4122.NASL
    description: Several vulnerabilities have been discovered in Squid3, a fully featured web proxy cache. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2018-1000024 Louis Dion-Marcil discovered that Squid does not properly handle processing of certain ESI responses. A remote server delivering certain ESI response syntax can take advantage of this flaw to cause a denial of service for all clients accessing the Squid service. This problem is limited to the Squid custom ESI parser. - CVE-2018-1000027 Louis Dion-Marcil discovered that Squid is prone to a denial of service vulnerability when processing ESI responses or downloading intermediate CA certificates. A remote attacker can take advantage of this flaw to cause a denial of service for all clients accessing the Squid service.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 106957
    published: 2018-02-23
    reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/106957
    title: Debian DSA-4122-1 : squid3 - security update
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2018-238.NASL
    description: This update for squid fixes the following issues : Security issues fixed : - CVE-2018-1000024: DoS fix caused by incorrect pointer handling when processing ESI responses. This affects the default custom esi_parser (bsc#1077003). - CVE-2018-1000027: DoS fix caused by incorrect pointer handling when processing ESI responses or downloading intermediate CA certificates (bsc#1077006). This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen: 2020-06-05
    modified: 2018-03-09
    plugin id: 107245
    published: 2018-03-09
    reporter: This script is Copyright (C) 2018-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/107245
    title: openSUSE Security Update : squid (openSUSE-2018-238)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-1266.NASL
    description: Squid, a high-performance proxy caching server for web clients, has been found vulnerable to denial of service attacks associated with ESI response processing and intermediate CA certificate downloading. CVE-2018-1000024 Incorrect pointer handling resulted in the ability of a remote server to return a crafted ESI response which could trigger a denial of service for all clients accessing the Squid service. This issue affects the Squid custom ESI parser. CVE-2018-1000027 Incorrect pointer handling resulted in the possibility of a remote client delivering certain HTTP requests in conjunction with certain trusted server responses involving the processing of ESI responses or downloading of intermediate CA certificates to trigger a denial of service for all clients accessing the squid service. For Debian 7
    last seen: 2020-03-17
    modified: 2018-02-05
    plugin id: 106589
    published: 2018-02-05
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/106589
    title: Debian DLA-1266-1 : squid3 security update
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-1267.NASL
    description: Squid, a high-performance proxy caching server for web clients, has been found vulnerable to denial of service attacks associated with ESI response processing and intermediate CA certificate downloading. CVE-2018-1000027 Incorrect pointer handling resulted in the possibility of a remote client delivering certain HTTP requests in conjunction with certain trusted server responses involving the processing of ESI responses or downloading of intermediate CA certificates to trigger a denial of service for all clients accessing the squid service. For Debian 7
    last seen: 2020-03-17
    modified: 2018-02-05
    plugin id: 106590
    published: 2018-02-05
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/106590
    title: Debian DLA-1267-1 : squid security update
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2018-0752-1.NASL
    description: This update for squid3 fixes the following issues: Security issues fixed : - CVE-2018-1000024: DoS fix caused by incorrect pointer handling when processing ESI responses. This affects the default custom esi_parser (bsc#1077003). - CVE-2018-1000027: DoS fix caused by incorrect pointer handling when processing ESI responses or downloading intermediate CA certificates (bsc#1077006). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 108528
    published: 2018-03-22
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/108528
    title: SUSE SLES11 Security Update : squid3 (SUSE-SU-2018:0752-1)
  • NASL family: Firewalls
    NASL id: SQUID_2018_2.NASL
    description: According to its banner, the version of Squid running on the remote host is 3.x prior to 3.5.28, or 4.x prior to 4.0.23. It is, therefore, affected by multiple vulnerabilities: - A denial of service (DoS) vulnerability exists in the ESI response processing component due to incorrect pointer handling. A remote attacker controlled server can exploit this issue, via a crafted ESI response, to cause a denial of service for all clients accessing the Squid service (CVE-2018-1000024) - A denial of service (DoS) vulnerability exists in the HTTP message processing component due to incorrect pointer handling. An unauthenticated remote attacker can exploit this issue, via a crafted HTTP request, to cause a denial of service for all clients accessing the Squid service (CVE-2018-1000027) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 119724
    published: 2018-12-17
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119724
    title: Squid 3.x < 3.5.28 / 4.x < 4.0.23 Multiple Denial of Service Vulnerabilities (SQUID-2018:1) (SQUID-2018:2)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2018-1081.NASL
    description: The Squid Software Foundation Squid HTTP Caching Proxy contains a NULL pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appears to be exploitable via a remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. (CVE-2018-1000027) The Squid Software Foundation Squid HTTP Caching Proxy contains an Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy. This attack appears to be exploitable via a remote server delivering an HTTP response payload containing valid but unusual ESI syntax. (CVE-2018-1000024)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 117605
    published: 2018-09-20
    reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/117605
    title: Amazon Linux AMI : squid (ALAS-2018-1081)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2018-1075.NASL
    description: According to the versions of the squid packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains an Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy. This attack appears to be exploitable via a remote server delivering an HTTP response payload containing valid but unusual ESI syntax. (CVE-2018-1000024) - The Squid Software Foundation Squid HTTP Caching Proxy versions prior to 4.0.23 contain a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appears to be exploitable via a remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. (CVE-2018-1000027) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-06
    modified: 2018-05-02
    plugin id: 109473
    published: 2018-05-02
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/109473
    title: EulerOS 2.0 SP2 : squid (EulerOS-SA-2018-1075)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2020-1068.NASL
    description: The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1068 advisory. - squid: Incorrect pointer handling when processing ESI Responses can lead to denial of service (CVE-2018-1000024) - squid: Incorrect pointer handling in HTTP processing and certificate download can lead to denial of service (CVE-2018-1000027) - squid: XSS via user_name or auth parameter in cachemgr.cgi (CVE-2019-13345) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-04-23
    modified: 2020-04-01
    plugin id: 135061
    published: 2020-04-01
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/135061
    title: RHEL 7 : squid (RHSA-2020:1068)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_D5B6D151188711E894F79C5C8E75236A.NASL
    description: Louis Dion-Marcil reports : Due to incorrect pointer handling Squid is vulnerable to denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ESI response syntax to trigger a denial of service for all clients accessing the Squid service. Due to unrelated changes Squid-3.5 has become vulnerable to some regular ESI server responses also triggering this issue. This problem is limited to the Squid custom ESI parser. Squid built to use libxml2 or libexpat XML parsers do not have this problem. Due to incorrect pointer handling Squid is vulnerable to denial of service attack when processing ESI responses or downloading intermediate CA certificates. This problem allows a remote client delivering certain HTTP requests in conjunction with certain trusted server responses to trigger a denial of service for all clients accessing the Squid service.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 106995
    published: 2018-02-26
    reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/106995
    title: FreeBSD : squid -- Vulnerable to Denial of Service attack (d5b6d151-1887-11e8-94f7-9c5c8e75236a)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2018-1074.NASL
    description: According to the versions of the squid packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains an Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy. This attack appears to be exploitable via a remote server delivering an HTTP response payload containing valid but unusual ESI syntax. (CVE-2018-1000024) - The Squid Software Foundation Squid HTTP Caching Proxy versions prior to 4.0.23 contain a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appears to be exploitable via a remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. (CVE-2018-1000027) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-06
    modified: 2018-05-02
    plugin id: 109472
    published: 2018-05-02
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/109472
    title: EulerOS 2.0 SP1 : squid (EulerOS-SA-2018-1074)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3557-1.NASL
    description: Mathias Fischer discovered that Squid incorrectly handled certain long strings in headers. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2569) William Lima discovered that Squid incorrectly handled XML parsing when processing Edge Side Includes (ESI). A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2570) Alex Rousskov discovered that Squid incorrectly handled response-parsing failures. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-2571) Santiago Ruano Rincon discovered that Squid incorrectly handled certain Vary headers. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2016-3948) Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. (CVE-2018-1000024) Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. (CVE-2018-1000027). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 106619
    published: 2018-02-06
    reporter: Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/106619
    title: Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : squid3 vulnerabilities (USN-3557-1)

Redhat

rpms
  • squid-7:3.5.20-15.el7
  • squid-debuginfo-7:3.5.20-15.el7
  • squid-migration-script-7:3.5.20-15.el7
  • squid-sysvinit-7:3.5.20-15.el7