Vulnerabilities > CVE-2020-8450 - Incorrect Calculation of Buffer Size vulnerability in multiple products

047910
CVSS 7.3 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
LOW

Summary

An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.

Vulnerable Configurations

Part Description Count
Application
Squid-Cache
246
OS
Canonical
3
OS
Opensuse
1
OS
Fedoraproject
2
OS
Debian
2

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2020-790296A8F4.NASL
    description - update to 4.10 - Resolves: #1798535 - CVE-2019-12528 squid: Information Disclosure issue in FTP Gateway - Resolves: #1798554 - CVE-2020-8450 squid: Buffer overflow in a Squid acting as reverse-proxy - Resolves: #1798541 - CVE-2020-8449 squid: Improper input validation issues. in HTTP Request processing Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-09
    modified2020-04-06
    plugin id135211
    published2020-04-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135211
    titleFedora 31 : 7:squid (2020-790296a8f4)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2020-AB8E7463AB.NASL
    description - update to 4.10 - Resolves: #1798535 - CVE-2019-12528 squid: Information Disclosure issue in FTP Gateway - Resolves: #1798554 - CVE-2020-8450 squid: Buffer overflow in a Squid acting as reverse-proxy - Resolves: #1798541 - CVE-2020-8449 squid: Improper input validation issues. in HTTP Request processing Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-10
    modified2020-04-06
    plugin id135213
    published2020-04-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135213
    titleFedora 30 : 7:squid (2020-ab8e7463ab)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4682.NASL
    descriptionMultiple security issues were discovered in the Squid proxy caching server, which could result in the bypass of security filters, information disclosure, the execution of arbitrary code or denial of service.
    last seen2020-05-15
    modified2020-05-11
    plugin id136430
    published2020-05-11
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136430
    titleDebian DSA-4682-1 : squid - security update
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-606.NASL
    descriptionThis update for squid to version 4.10 fixes the following issues : Security issues fixed : - CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway (bsc#1162689). - CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). - CVE-2020-8450: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). - CVE-2020-8517: Fixed a buffer overflow in ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691). Non-security issue fixed : - Improved cache handling with chunked responses. This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-05-08
    modified2020-05-04
    plugin id136316
    published2020-05-04
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136316
    titleopenSUSE Security Update : squid (openSUSE-2020-606)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0661-1.NASL
    descriptionThis update for squid fixes the following issues : CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway (bsc#1162689). CVE-2019-12526: Fixed potential remote code execution during URN processing (bsc#1156326). CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in URI processing (bsc#1156329). CVE-2019-18677: Fixed Cross-Site Request Forgery in HTTP Request processing (bsc#1156328). CVE-2019-18678: Fixed incorrect message parsing which could have led to HTTP request splitting issue (bsc#1156323). CVE-2019-18679: Fixed information disclosure when processing HTTP Digest Authentication (bsc#1156324). CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). CVE-2020-8450: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). CVE-2020-8517: Fixed a buffer overflow in ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2020-03-13
    plugin id134561
    published2020-03-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134561
    titleSUSE SLES12 Security Update : squid (SUSE-SU-2020:0661-1)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_57C1C2EE791411EA90BF0800276545C1.NASL
    descriptionThe Squid developers reports : Improper Input Validation issues in HTTP Request processing (CVE-2020-8449, CVE-2020-8450). Information Disclosure issue in FTP Gateway (CVE-2019-12528). Buffer Overflow issue in ext_lm_group_acl helper (CVE-2020-8517).
    last seen2020-05-08
    modified2020-05-04
    plugin id136302
    published2020-05-04
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136302
    titleFreeBSD : Squid -- multiple vulnerabilities (57c1c2ee-7914-11ea-90bf-0800276545c1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1326.NASL
    descriptionAccording to the versions of the squid package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users
    last seen2020-05-06
    modified2020-03-23
    plugin id134817
    published2020-03-23
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134817
    titleEulerOS 2.0 SP5 : squid (EulerOS-SA-2020-1326)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0487-1.NASL
    descriptionThis update for squid to version 4.10 fixes the following issues : Security issues fixed : CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway (bsc#1162689). CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). CVE-2020-8450: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). CVE-2020-8517: Fixed a buffer overflow in ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691). Non-security issue fixed: Improved cache handling with chunked responses. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2020-02-27
    plugin id134099
    published2020-02-27
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134099
    titleSUSE SLES12 Security Update : squid (SUSE-SU-2020:0487-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1591.NASL
    descriptionAccording to the versions of the squid package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.(CVE-2020-8449) - An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.(CVE-2020-8450) - An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy.(CVE-2020-8517) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-06
    modified2020-05-26
    plugin id136869
    published2020-05-26
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136869
    titleEulerOS 2.0 SP8 : squid (EulerOS-SA-2020-1591)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-202003-34.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-202003-34 (Squid: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Squid. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, by sending a specially crafted request, could possibly execute arbitrary code with the privileges of the process, obtain sensitive information or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-03-21
    modified2020-03-18
    plugin id134640
    published2020-03-18
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134640
    titleGLSA-202003-34 : Squid: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-307.NASL
    descriptionThis update for squid to version 4.10 fixes the following issues : Security issues fixed : - CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway (bsc#1162689). - CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). - CVE-2020-8450: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). - CVE-2020-8517: Fixed a buffer overflow in ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691). Non-security issue fixed : - Improved cache handling with chunked responses. This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-03-18
    modified2020-03-06
    plugin id134284
    published2020-03-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134284
    titleopenSUSE Security Update : squid (openSUSE-2020-307)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4289-1.NASL
    descriptionJeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory. (CVE-2019-12528) Regis Leroy discovered that Squid incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to access server resources prohibited by earlier security filters. (CVE-2020-8449) Guido Vranken discovered that Squid incorrectly handled certain buffer operations when acting as a reverse proxy. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-8450) Aaron Costello discovered that Squid incorrectly handled certain NTLM authentication credentials. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2020-8517). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2020-02-24
    plugin id133951
    published2020-02-24
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133951
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.10 : squid, squid3 vulnerabilities (USN-4289-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0493-1.NASL
    descriptionThis update for squid to version 4.10 fixes the following issues : Security issues fixed : CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway (bsc#1162689). CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). CVE-2020-8450: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). CVE-2020-8517: Fixed a buffer overflow in ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691). Non-security issue fixed: Improved cache handling with chunked responses. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2020-02-27
    plugin id134103
    published2020-02-27
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134103
    titleSUSE SLES15 Security Update : squid (SUSE-SU-2020:0493-1)

References