RHEL 6 : squid34 (RHSA-2016:1140)

high Nessus Plugin ID 91383

Synopsis

The remote Red Hat host is missing one or more security updates for squid34.

Description

The remote Red Hat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2016:1140 advisory.

The squid34 packages provide version 3.4 of Squid, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Note that apart from squid34, this version of Red Hat Enterprise Linux also includes the squid packages which provide Squid version 3.1.

Security Fix(es):

* A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. (CVE-2016-4051)

* Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code as the user running Squid. (CVE-2016-4052, CVE-2016-4053, CVE-2016-4054)

* An input validation flaw was found in the way Squid handled intercepted HTTP Request messages. An attacker could use this flaw to bypass the protection against issues related to CVE-2009-0801, and perform cache poisoning attacks on Squid. (CVE-2016-4553)

* An input validation flaw was found in Squid's mime_get_header_field() function, which is used to search for headers within HTTP requests. An attacker could send an HTTP request from the client side with a specially crafted Host header that bypasses same-origin security protections, causing Squid operating as an interception or reverse proxy to contact the wrong origin server. It could also be used for cache poisoning for clients not following RFC 7230. (CVE-2016-4554)

* A NULL pointer dereference flaw was found in the way Squid processes ESI responses. If Squid was used as a reverse proxy or for TLS/HTTPS interception, a malicious server could use this flaw to crash the Squid worker process. (CVE-2016-4555)

* An incorrect reference counting flaw was found in the way Squid processes ESI responses. If Squid is configured as a reverse proxy or for TLS/HTTPS interception, an attacker controlling a server accessed by Squid could crash the Squid worker, causing a denial of service. (CVE-2016-4556)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL squid34 package based on the guidance in RHSA-2016:1140.

See Also

http://www.nessus.org/u?dd631c9a

http://www.squid-cache.org/Advisories/SQUID-2016_5.txt

http://www.squid-cache.org/Advisories/SQUID-2016_6.txt

http://www.squid-cache.org/Advisories/SQUID-2016_7.txt

http://www.squid-cache.org/Advisories/SQUID-2016_8.txt

http://www.squid-cache.org/Advisories/SQUID-2016_9.txt

https://access.redhat.com/errata/RHSA-2016:1140

https://access.redhat.com/security/updates/classification/#moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1329126

https://bugzilla.redhat.com/show_bug.cgi?id=1329136

https://bugzilla.redhat.com/show_bug.cgi?id=1334233

https://bugzilla.redhat.com/show_bug.cgi?id=1334241

https://bugzilla.redhat.com/show_bug.cgi?id=1334246

https://bugzilla.redhat.com/show_bug.cgi?id=1334786

Plugin Details

Severity: High

ID: 91383

File Name: redhat-RHSA-2016-1140.nasl

Version: 2.12

Type: local

Agent: unix

Published: 5/31/2016

Updated: 4/15/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2016-4054

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2016-4051

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:squid34

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 5/31/2016

Vulnerability Publication Date: 4/25/2016

Reference Information

CVE: CVE-2016-4051, CVE-2016-4052, CVE-2016-4053, CVE-2016-4054, CVE-2016-4553, CVE-2016-4554, CVE-2016-4555, CVE-2016-4556

CWE: 122, 20, 476

RHSA: 2016:1140