SB2020031605 - Gentoo update for Squid

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020031605

SB2020031605 - Gentoo update for Squid

Published: March 16, 2020

Security Bulletin ID SB2020031605
Severity
High
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 29% Medium 57% Low 14%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Heap-based buffer overflow (CVE-ID: CVE-2019-12526)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing URN requests. A remote attacker can send specially crafted request to the Squid client, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Out-of-bounds read (CVE-ID: CVE-2019-12528)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when translating FTP server listing into HTTP responses. A remote attacker can trick the victim into vising a specially crafted FTP server, trigger out-of-bounds read and gain access to memory contents of the heap.


3) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2019-18678)

The vulnerability allows a remote attacker to perform HTTP request smuggling attack.

The vulnerability exists due to insufficient validation of HTTP request headers in Squid. A remote attacker can initiate a specially crafted HTTP request that will cause the software to split HTTP request and display to the end user content, controlled by the attacker at arbitrary URL.


4) Information disclosure (CVE-ID: CVE-2019-18679)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to incorrect data management when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer which sits within heap memory allocation. This allows a remote attacker to gain knowledge of memory allocations and bypass ASLR protection and help in exploitation of other vulnerabilities.


5) Input validation error (CVE-ID: CVE-2020-8449)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input when processing HTTP requests. A remote attacker can send a specially crafted HTTP request, bypass configured security filters and gain access to certain server resources.


6) Buffer overflow (CVE-ID: CVE-2020-8450)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTTP requests, when Squid is acting as a reverse proxy. A remote attacker can send a specially crafted HTTP request to the affected proxy server, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


7) Buffer overflow (CVE-ID: CVE-2020-8517)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary error in the NTLM authentication credentials parser in ext_lm_group_acl. A remote attacker can send a specially crafted HTTP request to the affected proxy server, trigger memory corruption and perform a denial of service attack.


Remediation

Install update from vendor's website.

References