Vulnerabilities > CVE-2018-19132 - Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- HTTP DoS An attacker performs flooding at the HTTP level to bring down only a particular web application rather than anything listening on a TCP/IP connection. This denial of service attack requires substantially fewer packets to be sent which makes DoS harder to detect. This is an equivalent of SYN flood in HTTP. The idea is to keep the HTTP session alive indefinitely and then repeat that hundreds of times. This attack targets resource depletion weaknesses in web server software. The web server will wait to attacker's responses on the initiated HTTP sessions while the connection threads are being exhausted.
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4059-1.NASL description It was discovered that Squid incorrectly handled certain SNMP packets. A remote attacker could possibly use this issue to cause memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-19132) It was discovered that Squid incorrectly handled the cachemgr.cgi web module. A remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2019-13345). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 126749 published 2019-07-16 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126749 title Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : squid, squid3 vulnerabilities (USN-4059-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-1429.NASL description This update for squid fixes the following issues : Security issues fixed : - CVE-2018-19131: Fixed Cross-Site-Scripting vulnerability in the TLS error handling (bsc#1113668). - CVE-2018-19132: Fixed small memory leak in processing of SNMP packets (bsc#1113669). Non-security issues fixed : - Create runtime directories needed when SMP mode is enabled (bsc#1112695, bsc#1112066). - Install license correctly (bsc#1082318). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-05 modified 2018-11-21 plugin id 119079 published 2018-11-21 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119079 title openSUSE Security Update : squid (openSUSE-2018-1429) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2019-1176.NASL description A memory leak was discovered in the way Squid handles SNMP denied queries. A remote attacker may use this flaw to exhaust the resources on the server machine. (CVE-2018-19132) last seen 2020-06-01 modified 2020-06-02 plugin id 123084 published 2019-03-26 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123084 title Amazon Linux AMI : squid (ALAS-2019-1176) NASL family Fedora Local Security Checks NASL id FEDORA_2018-714298460E.NASL description Version update + Security fix for CVE-2018-19131 and CVE-2018-19132 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120523 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120523 title Fedora 29 : 7:squid (2018-714298460e) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-3771-1.NASL description This update for squid fixes the following issues : Security issues fixed : CVE-2018-19131: Fixed Cross-Site-Scripting vulnerability in the TLS error handling (bsc#1113668). CVE-2018-19132: Fixed small memory leak in processing of SNMP packets (bsc#1113669). Non-security issues fixed: Create runtime directories needed when SMP mode is enabled (bsc#1112695, bsc#1112066). Install license correctly (bsc#1082318). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 119012 published 2018-11-16 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119012 title SUSE SLES12 Security Update : squid (SUSE-SU-2018:3771-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-3771-2.NASL description This update for squid fixes the following issues : Security issues fixed : CVE-2018-19131: Fixed Cross-Site-Scripting vulnerability in the TLS error handling (bsc#1113668). CVE-2018-19132: Fixed small memory leak in processing of SNMP packets (bsc#1113669). Non-security issues fixed: Create runtime directories needed when SMP mode is enabled (bsc#1112695, bsc#1112066). Install license correctly (bsc#1082318). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-12 modified 2018-12-10 plugin id 119554 published 2018-12-10 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119554 title SUSE SLES12 Security Update : squid (SUSE-SU-2018:3771-2) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2231.NASL description According to the versions of the squid packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.(CVE-2016-10003) - Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.(CVE-2018-19131) - Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.(CVE-2018-19132) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-11-08 plugin id 130693 published 2019-11-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130693 title EulerOS 2.0 SP5 : squid (EulerOS-SA-2019-2231) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1596.NASL description It was discovered that there can be a denial of service (DoS) vulnerability in squid3 due to a memory leak in SNMP query rejection code when SNMP is enabled. In environments where per-process memory restrictions are not enforced strictly, a remote attacker to consume all memory available to the Squid process, causing it to crash. For Debian 8 last seen 2020-06-01 modified 2020-06-02 plugin id 119153 published 2018-11-27 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119153 title Debian DLA-1596-1 : squid3 security update NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-936.NASL description This update for squid fixes the following issues : Security issues fixed : - CVE-2018-19131: Fixed Cross-Site-Scripting vulnerability in the TLS error handling (bsc#1113668). - CVE-2018-19132: Fixed small memory leak in processing of SNMP packets (bsc#1113669). Non-security issues fixed : - Create runtime directories needed when SMP mode is enabled (bsc#1112695, bsc#1112066). - Install license correctly (bsc#1082318). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 123382 published 2019-03-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123382 title openSUSE Security Update : squid (openSUSE-2019-936) NASL family Firewalls NASL id SQUID_2018_5.NASL description According to its banner, the version of Squid running on the remote host is 3.2.x after or equal to 3.2.0.10, 3.3.x, 3.4.x, 3.5.x prior or equal to 3.5.28, or 4.x prior to 4.4. It is, therefore, affected by a denial of service (DoS) vulnerability in the SNMP component due to a memory leak in SNMP query rejection code. An unauthenticated, remote attacker can exploit this issue to consume all memory available to the Squid process, causing it to crash. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 119727 published 2018-12-17 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119727 title Squid 3.2.0.10 <= 3.2.x / 3.3.x / 3.4.x / 3.5.x <= 3.5.28 / 4.x < 4.4 Denial of Service Vulnerability (SQUID-2018:5) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-3786-1.NASL description This update for squid fixes the following issues : Security issues fixed : CVE-2018-19131: Fixed Cross-Site-Scripting vulnerability in the TLS error handling (bsc#1113668). CVE-2018-19132: Fixed small memory leak in processing of SNMP packets (bsc#1113669). Non-security issues fixed: Create runtime directories needed when SMP mode is enabled (bsc#1112695, bsc#1112066). Install license correctly (bsc#1082318). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2019-01-02 plugin id 120164 published 2019-01-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120164 title SUSE SLES15 Security Update : squid (SUSE-SU-2018:3786-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2445.NASL description According to the versions of the squid packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.(CVE-2018-19131) - Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.(CVE-2018-19132) - Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.(CVE-2016-10003) - An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token last seen 2020-05-08 modified 2019-12-04 plugin id 131599 published 2019-12-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131599 title EulerOS 2.0 SP2 : squid (EulerOS-SA-2019-2445) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1044.NASL description According to the versions of the squid packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A Cross-Site Scripting vulnerability has been discovered in squid in the way X.509 certificates fields are displayed in some error pages. An attacker who can control the certificate of the origin content server may use this flaw to inject scripting code in the squid generated page, which is executed on the client last seen 2020-05-06 modified 2019-02-15 plugin id 122217 published 2019-02-15 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122217 title EulerOS 2.0 SP3 : squid (EulerOS-SA-2019-1044) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-1428.NASL description This update for squid fixes the following issues : Security issues fixed : - CVE-2018-19131: Fixed Cross-Site-Scripting vulnerability in the TLS error handling (bsc#1113668). - CVE-2018-19132: Fixed small memory leak in processing of SNMP packets (bsc#1113669). Non-security issues fixed : - Create runtime directories needed when SMP mode is enabled (bsc#1112695, bsc#1112066). - Install license correctly (bsc#1082318). last seen 2020-06-05 modified 2018-11-21 plugin id 119078 published 2018-11-21 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119078 title openSUSE Security Update : squid (openSUSE-2018-1428)
References
- http://www.squid-cache.org/Advisories/SQUID-2018_5.txt
- http://www.squid-cache.org/Advisories/SQUID-2018_5.txt
- http://www.squid-cache.org/Versions/v5/changesets/squid-5-644131ff1e00c1895d77561f561d29c104ba6b11.patch
- http://www.squid-cache.org/Versions/v5/changesets/squid-5-644131ff1e00c1895d77561f561d29c104ba6b11.patch
- https://github.com/squid-cache/squid/pull/313
- https://github.com/squid-cache/squid/pull/313
- https://lists.debian.org/debian-lts-announce/2018/11/msg00032.html
- https://lists.debian.org/debian-lts-announce/2018/11/msg00032.html
- https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html
- https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html
- https://usn.ubuntu.com/4059-1/
- https://usn.ubuntu.com/4059-1/