Detections
Analytics
Squid < 3.0.STABLE23 / 3.1.0.16
medium Nessus Plugin ID 44384
Language:
Synopsis
The remote proxy server is prone to a denial of service attack.Description
According to its banner, the version of the Squid proxy caching server installed on the remote host is 2.x or older than 3.0.STABLE23 / 3.1.0.16. Such versions reportedly fail to correctly validate DNS packets, which can be abused by a remote attack to cause a short-term denial of service.Note that Nessus has relied only on the version in the proxy server's banner, which is not updated by either of the patches the project has released to address this issue. If one of those has been applied properly and the service restarted, consider this to be a false positive.
Solution
Either upgrade to Squid version 3.0.STABLE23 / 3.1.0.16 or later or apply the appropriate patch referenced in the project's advisory above.See Also
http://www.squid-cache.org/Advisories/SQUID-2010_1.txt
http://www.nessus.org/u?9140f7e2
http://www.nessus.org/u?1e06892d
http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch
Plugin Details
Severity: Medium
ID: 44384
File Name: squid_3_0_23.nasl
Version: 1.16
Type: remote
Family: Firewalls
Published: 2/2/2010
Updated: 9/17/2018
Configuration: Enable paranoid mode
Supported Sensors: Nessus
Risk Information
CVSS Score Rationale: The squid-2010_1 advisory mentions that any external server who can determine the squid receiving port can perform the attack, so authentication is set to none.
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Score Source: CVE-2010-0308
Vulnerability Information
CPE: cpe:/a:squid-cache:squid
Required KB Items: Settings/ParanoidReport, www/squid
Exploit Ease: No known exploits are available
Patch Publication Date: 2/1/2010
Vulnerability Publication Date: 1/29/2010
Reference Information
CVE: CVE-2010-0308
BID: 37522