FreeBSD : squid -- denial of service with forged WCCP messages (5fe7e27a-64cb-11d9-9e1e-c296ac722cb3)

medium Nessus Plugin ID 18953

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The Squid patches page notes:

WCCP_I_SEE_YOU messages contain a 'number of caches' field which should be between 1 and 32. Values outside that range may crash Squid if WCCP is enabled, and if an attacker can spoof UDP packets with the WCCP router's IP address.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?c65214c1

https://bugs.squid-cache.org/show_bug.cgi?id=1190

http://www.squid-cache.org/Advisories/SQUID-2005_2.txt

http://www.nessus.org/u?7c43b91b

Plugin Details

Severity: Medium

ID: 18953

File Name: freebsd_pkg_5fe7e27a64cb11d99e1ec296ac722cb3.nasl

Version: 1.17

Type: local

Published: 7/13/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.3

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:squid, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 1/12/2005

Vulnerability Publication Date: 1/7/2005

Reference Information

CVE: CVE-2005-0095