SB2019120425 - Ubuntu update for Squid

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019120425

SB2019120425 - Ubuntu update for Squid

Published: December 4, 2019

Security Bulletin ID SB2019120425
Severity
High
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 14% Medium 71% Low 14%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2019-18678)

The vulnerability allows a remote attacker to perform HTTP request smuggling attack.

The vulnerability exists due to insufficient validation of HTTP request headers in Squid. A remote attacker can initiate a specially crafted HTTP request that will cause the software to split HTTP request and display to the end user content, controlled by the attacker at arbitrary URL.


2) Information disclosure (CVE-ID: CVE-2019-18679)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to incorrect data management when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer which sits within heap memory allocation. This allows a remote attacker to gain knowledge of memory allocations and bypass ASLR protection and help in exploitation of other vulnerabilities.


3) Cross-site request forgery (CVE-ID: CVE-2019-18677)

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin, when Squid is configured with the append_domain option. A remote attacker can trick the victim to visit a specially crafted web page and redirect victim's traffic to a third-party domain.


4) Input validation error (CVE-ID: CVE-2019-18676)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing URIs. A remote attacker can create a specially crafted link, trick the victim into visiting it, trigger buffer overflow and crash the Squid process.


5) Heap-based buffer overflow (CVE-ID: CVE-2019-12526)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing URN requests. A remote attacker can send specially crafted request to the Squid client, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


6) Out-of-bounds read (CVE-ID: CVE-2019-12854)

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when terminating strings in cachemgr.cgi. A remote attacker can a specially crafted request to the affected proxy server, trigger out-of-bounds read error and crash the CGI process, denying access to all users on systems with memory access protections.


7) Input validation error (CVE-ID: CVE-2019-12523)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input when processing URIs. A remote authenticated attacker can add certain characters to the URI, bypass implemented security restrictions and access restricted websites.


Remediation

Install update from vendor's website.

References