Vulnerabilities > CVE-2020-8450 - Incorrect Calculation of Buffer Size vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
LOW Summary
An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Buffer Overflow via Parameter Expansion In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2020-790296A8F4.NASL description - update to 4.10 - Resolves: #1798535 - CVE-2019-12528 squid: Information Disclosure issue in FTP Gateway - Resolves: #1798554 - CVE-2020-8450 squid: Buffer overflow in a Squid acting as reverse-proxy - Resolves: #1798541 - CVE-2020-8449 squid: Improper input validation issues. in HTTP Request processing Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-04-09 modified 2020-04-06 plugin id 135211 published 2020-04-06 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135211 title Fedora 31 : 7:squid (2020-790296a8f4) NASL family Fedora Local Security Checks NASL id FEDORA_2020-AB8E7463AB.NASL description - update to 4.10 - Resolves: #1798535 - CVE-2019-12528 squid: Information Disclosure issue in FTP Gateway - Resolves: #1798554 - CVE-2020-8450 squid: Buffer overflow in a Squid acting as reverse-proxy - Resolves: #1798541 - CVE-2020-8449 squid: Improper input validation issues. in HTTP Request processing Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-04-10 modified 2020-04-06 plugin id 135213 published 2020-04-06 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135213 title Fedora 30 : 7:squid (2020-ab8e7463ab) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4682.NASL description Multiple security issues were discovered in the Squid proxy caching server, which could result in the bypass of security filters, information disclosure, the execution of arbitrary code or denial of service. last seen 2020-05-15 modified 2020-05-11 plugin id 136430 published 2020-05-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136430 title Debian DSA-4682-1 : squid - security update NASL family SuSE Local Security Checks NASL id OPENSUSE-2020-606.NASL description This update for squid to version 4.10 fixes the following issues : Security issues fixed : - CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway (bsc#1162689). - CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). - CVE-2020-8450: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). - CVE-2020-8517: Fixed a buffer overflow in ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691). Non-security issue fixed : - Improved cache handling with chunked responses. This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-05-08 modified 2020-05-04 plugin id 136316 published 2020-05-04 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136316 title openSUSE Security Update : squid (openSUSE-2020-606) NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-0661-1.NASL description This update for squid fixes the following issues : CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway (bsc#1162689). CVE-2019-12526: Fixed potential remote code execution during URN processing (bsc#1156326). CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in URI processing (bsc#1156329). CVE-2019-18677: Fixed Cross-Site Request Forgery in HTTP Request processing (bsc#1156328). CVE-2019-18678: Fixed incorrect message parsing which could have led to HTTP request splitting issue (bsc#1156323). CVE-2019-18679: Fixed information disclosure when processing HTTP Digest Authentication (bsc#1156324). CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). CVE-2020-8450: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). CVE-2020-8517: Fixed a buffer overflow in ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-19 modified 2020-03-13 plugin id 134561 published 2020-03-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134561 title SUSE SLES12 Security Update : squid (SUSE-SU-2020:0661-1) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_57C1C2EE791411EA90BF0800276545C1.NASL description The Squid developers reports : Improper Input Validation issues in HTTP Request processing (CVE-2020-8449, CVE-2020-8450). Information Disclosure issue in FTP Gateway (CVE-2019-12528). Buffer Overflow issue in ext_lm_group_acl helper (CVE-2020-8517). last seen 2020-05-08 modified 2020-05-04 plugin id 136302 published 2020-05-04 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136302 title FreeBSD : Squid -- multiple vulnerabilities (57c1c2ee-7914-11ea-90bf-0800276545c1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1326.NASL description According to the versions of the squid package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users last seen 2020-05-06 modified 2020-03-23 plugin id 134817 published 2020-03-23 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134817 title EulerOS 2.0 SP5 : squid (EulerOS-SA-2020-1326) NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-0487-1.NASL description This update for squid to version 4.10 fixes the following issues : Security issues fixed : CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway (bsc#1162689). CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). CVE-2020-8450: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). CVE-2020-8517: Fixed a buffer overflow in ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691). Non-security issue fixed: Improved cache handling with chunked responses. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2020-02-27 plugin id 134099 published 2020-02-27 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134099 title SUSE SLES12 Security Update : squid (SUSE-SU-2020:0487-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1591.NASL description According to the versions of the squid package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.(CVE-2020-8449) - An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.(CVE-2020-8450) - An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy.(CVE-2020-8517) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-06 modified 2020-05-26 plugin id 136869 published 2020-05-26 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136869 title EulerOS 2.0 SP8 : squid (EulerOS-SA-2020-1591) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-202003-34.NASL description The remote host is affected by the vulnerability described in GLSA-202003-34 (Squid: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Squid. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, by sending a specially crafted request, could possibly execute arbitrary code with the privileges of the process, obtain sensitive information or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-03-21 modified 2020-03-18 plugin id 134640 published 2020-03-18 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134640 title GLSA-202003-34 : Squid: Multiple vulnerabilities NASL family SuSE Local Security Checks NASL id OPENSUSE-2020-307.NASL description This update for squid to version 4.10 fixes the following issues : Security issues fixed : - CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway (bsc#1162689). - CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). - CVE-2020-8450: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). - CVE-2020-8517: Fixed a buffer overflow in ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691). Non-security issue fixed : - Improved cache handling with chunked responses. This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-03-18 modified 2020-03-06 plugin id 134284 published 2020-03-06 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134284 title openSUSE Security Update : squid (openSUSE-2020-307) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4289-1.NASL description Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory. (CVE-2019-12528) Regis Leroy discovered that Squid incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to access server resources prohibited by earlier security filters. (CVE-2020-8449) Guido Vranken discovered that Squid incorrectly handled certain buffer operations when acting as a reverse proxy. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-8450) Aaron Costello discovered that Squid incorrectly handled certain NTLM authentication credentials. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2020-8517). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2020-02-24 plugin id 133951 published 2020-02-24 reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133951 title Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : squid, squid3 vulnerabilities (USN-4289-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-0493-1.NASL description This update for squid to version 4.10 fixes the following issues : Security issues fixed : CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway (bsc#1162689). CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). CVE-2020-8450: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). CVE-2020-8517: Fixed a buffer overflow in ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691). Non-security issue fixed: Improved cache handling with chunked responses. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2020-02-27 plugin id 134103 published 2020-02-27 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134103 title SUSE SLES15 Security Update : squid (SUSE-SU-2020:0493-1)
References
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html
- http://www.squid-cache.org/Advisories/SQUID-2020_1.txt
- http://www.squid-cache.org/Advisories/SQUID-2020_1.txt
- http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch
- http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch
- http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch
- http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch
- http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch
- http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch
- http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch
- http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch
- http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch
- http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch
- https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html
- https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/
- https://security.gentoo.org/glsa/202003-34
- https://security.gentoo.org/glsa/202003-34
- https://security.netapp.com/advisory/ntap-20210304-0002/
- https://security.netapp.com/advisory/ntap-20210304-0002/
- https://usn.ubuntu.com/4289-1/
- https://usn.ubuntu.com/4289-1/
- https://www.debian.org/security/2020/dsa-4682
- https://www.debian.org/security/2020/dsa-4682