FreeBSD : Squid -- multiple vulnerabilities (57c1c2ee-7914-11ea-90bf-0800276545c1)

high Nessus Plugin ID 136302

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The Squid developers report:

Improper Input Validation issues in HTTP Request processing (CVE-2020-8449, CVE-2020-8450).

Information Disclosure issue in FTP Gateway (CVE-2019-12528).

Buffer Overflow issue in ext_lm_group_acl helper (CVE-2020-8517).

Solution

Update the affected package.

See Also

http://www.nessus.org/u?02cc4f07

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=244026

http://www.nessus.org/u?bdaa9902

Plugin Details

Severity: High

ID: 136302

File Name: freebsd_pkg_57c1c2ee791411ea90bf0800276545c1.nasl

Version: 1.3

Type: local

Published: 5/4/2020

Updated: 5/13/2022

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-8450

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2020-8449

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:squid, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 4/7/2020

Vulnerability Publication Date: 2/10/2020

Reference Information

CVE: CVE-2019-12528, CVE-2020-8449, CVE-2020-8450, CVE-2020-8517