SUSE update for squid



Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2021-28116
CWE-ID CWE-125
Exploitation vector Network
Public exploit N/A
Vulnerable software
 SUSE Linux Enterprise Server
Operating systems & Components / Operating system

squid-debugsource
Operating systems & Components / Operating system package or component

squid-debuginfo
Operating systems & Components / Operating system package or component

squid
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Out-of-bounds read

EUVDB-ID: #VU50457

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-28116

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the handling of the WCCP protocol. A remote attacker can send specially crafted data and corrupt Squids list of known WCCP routers and divert client traffic to attacker controlled routers.

This attack is limited to Squid proxy with WCCPv2 enabled and IP spoofing of a router IP address configured as trusted in squid.conf.

Mitigation

Update the affected package squid to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 12-SP5

squid-debugsource: before 4.17-4.21.1

squid-debuginfo: before 4.17-4.21.1

squid: before 4.17-4.21.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213334-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###