client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.

The remote Solaris system is missing necessary patches to address security updates :

  - client_side_request.cc in Squid 3.2.x before 3.2.13 and     3.3.x before 3.3.8 allows remote attackers to cause a     denial of service via a crafted port number in a HTTP     Host header. (CVE-2013-4123)

This squid update includes several security fixes and minor changes.

  - squid-3.2.x-11823-bnc829084-CVE-2013-4115.diff fixes a     buffer overflow involving very long hostnames.
    [bnc#829084] CVE-2013-4115

  - squid-3.2.x-11823-bnc830319-CVE-2013-4123.diff fixes     problems identifying a port number as specified by the     client. [bnc#830319] CVE-2013-4123

  - run logrotate as squid:nogroup [bnc#677335]

The remote host is affected by the vulnerability described in GLSA-201309-22 (Squid: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Squid. Please review       the CVE identifiers referenced below for details.
  Impact :

    A remote attacker may be able to bypass ACL restrictions or cause a       Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

This is security update that fixes CVE-2013-4123 and CVE-2013-4115.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to its banner, the version of Squid running on the remote host is 3.2.x prior to 3.2.13 or 3.3.x prior to 3.3.8.  It is, therefore, affected by a denial of service vulnerability.  The vulnerability exists when handling a port number in the host header of a specially crafted HTTP Request. 

Note that Nessus has relied only on the version in the proxy server's banner, which is not updated by the patch that the project has released to address this issue.  If this patch has been applied properly and the service has been restarted, consider this to be a false positive.

Squid versions 3.2.x prior to 3.2.13 or 3.3.x prior to 3.3.8 are potentially affected by a denial of service vulnerability. The vulnerability exists when handling a port number in the host header of a specially crafted HTTP Request

Squid project reports :

Due to incorrect data validation Squid is vulnerable to a denial of service attack when processing specially crafted HTTP requests

This problem allows any client who can generate HTTP requests to perform a denial of service attack on the Squid service.

ID	Name	Product	Family	Severity
80774	Oracle Solaris Third-Party Patch Update : squid (cve_2013_4123_input_validation)	Nessus	Solaris Local Security Checks	medium
75140	openSUSE Security Update : squid (openSUSE-SU-2013:1435-1)	Nessus	SuSE Local Security Checks	high
70182	GLSA-201309-22 : Squid: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
69204	Fedora 18 : squid-3.2.13-1.fc18 (2013-13493)	Nessus	Fedora Local Security Checks	high
69201	Fedora 19 : squid-3.2.13-1.fc19 (2013-13468)	Nessus	Fedora Local Security Checks	high
69042	Squid 3.2.x < 3.2.13 / 3.3.x < 3.3.8 Port Handling DoS	Nessus	Firewalls	medium
6932	Squid 3.2.x < 3.2.13 / 3.3.x < 3.3.8 Port Handling DoS	Nessus Network Monitor	Web Servers	medium
68898	FreeBSD : squid -- denial of service (30a04ab4-ed7b-11e2-8643-8c705af55518)	Nessus	FreeBSD Local Security Checks	medium

Detections

Analytics

CVE-2013-4123

high

Tenable Plugins

medium

high

high

high

high

medium

medium

medium