FreeBSD : squid -- possible cache-poisoning via malformed HTTP responses (b4d94fa0-6e38-11d9-9e1e-c296ac722cb3)

medium Nessus Plugin ID 19089

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The squid patches page notes:

This patch makes Squid considerably stricter while parsing the HTTP protocol.

- A Content-length header should only appear once in a valid request or response. Multiple Content-length headers, in conjunction with specially crafted requests, may allow Squid's cache to be poisoned with bad content in certain situations.

- CR characters are only allowed as part of the CR NL line terminator, not alone. This is to ensure that all involved agree on the structure of HTTP headers.

- Rejects requests/responses that have whitespace in an HTTP header name.

To enable these strict parsing rules, update to at least squid-2.5.7_9 and specify relaxed_header_parser off in squid.conf.
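
The three rules quoted above, written as a stand-alone check over the header block of a raw HTTP message. This is an added example, not Squid's parser or code from the patch; the function name and the sample messages are constructed for illustration, and header lines are assumed to end in CR NL.

```python
# Added illustration of the three strict-parsing rules; not Squid's code.
# Assumes header lines end in CR NL; sample messages below are constructed.

def strict_header_violations(raw: bytes) -> list:
    """Return rule violations found in the header block of a raw HTTP message."""
    problems = []
    head = raw.split(b"\r\n\r\n", 1)[0]   # start line + header fields

    # Rule: CR may appear only as the first half of the CR NL terminator.
    for i, byte in enumerate(head):
        if byte == 0x0D and head[i + 1:i + 2] != b"\n":
            problems.append("bare CR at offset %d" % i)

    content_lengths = 0
    for line in head.split(b"\r\n")[1:]:          # skip the start line
        if not line or line[:1] in (b" ", b"\t"):
            continue                              # folded continuation line
        name, colon, _value = line.partition(b":")
        if not colon:
            problems.append("header line without colon: %r" % line)
            continue
        # Rule: no whitespace anywhere in a header name.
        if any(c in b" \t" for c in name):
            problems.append("whitespace in header name: %r" % name)
        if name.strip(b" \t").lower() == b"content-length":
            content_lengths += 1

    # Rule: Content-Length appears at most once.
    if content_lengths > 1:
        problems.append("Content-Length appears %d times" % content_lengths)
    return problems

CLEAN = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 5\r\n\r\nhello"
DUPLICATE = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Length: 50\r\n\r\nhello"
# A parser that treats the lone CR as a line break sees two Content-Length fields.
BARE_CR = b"HTTP/1.1 200 OK\r\nX-Note: a\rContent-Length: 0\r\nContent-Length: 5\r\n\r\nhello"
SPACED_NAME = b"HTTP/1.1 200 OK\r\nContent-Length : 5\r\n\r\nhello"

if __name__ == "__main__":
    for label, msg in [("clean", CLEAN), ("duplicate", DUPLICATE),
                       ("bare CR", BARE_CR), ("spaced name", SPACED_NAME)]:
        print(label, "->", strict_header_violations(msg) or "ok")
```

The bare-CR sample shows why the second rule matters: two parsers that disagree on whether a lone CR ends a line also disagree on how many Content-Length fields the message carries.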

Solution

Update the affected package.

See Also

http://www.nessus.org/u?f705228c

http://www.nessus.org/u?4e09cd67

Plugin Details

Severity: Medium

ID: 19089

File Name: freebsd_pkg_b4d94fa06e3811d99e1ec296ac722cb3.nasl

Version: 1.16

Type: local

Published: 7/13/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:squid, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 1/24/2005

Vulnerability Publication Date: 1/24/2005

Reference Information

CVE: CVE-2005-0174

CERT: 768702