Vulnerability Bulletins

int(1326)

Vulnerability Bulletins

Desbordamiento de búfer en Squid
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Denegación de Servicio
Dificulty	Experto
Required attacker level	Acceso remoto sin cuenta a un servicio estandar
System information
Property	Value
Affected manufacturer	GNU/Linux
Affected software	Squid <=2.5.STABLE7
Description
Se ha descubierto una vulnerabilidad de desbordamiento de búfer en la versión 2.5.STABLE7 y anteriores de Squid. La vulnerabilidad reside en el uso inseguro de la función recvfrom() en la implementación del protocolo WCCP. La explotación de esta vulnerabilidad podría permitir a un atacante remoto provocar una situación de denegación de servicio de squid siempre que este configurado para utilizar el protocolo WCCP.
Solution
Actualización de software Squid Squid 2.5.STABLE7- Parche http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_buffer_overflow.patch Debian Linux Debian Linux 3.0 Source http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6.dsc http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6.diff.gz http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6.orig.tar.gz Alpha http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_alpha.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_alpha.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_alpha.deb ARM http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_arm.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_arm.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_arm.deb Intel IA-32 http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_i386.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_i386.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_ia64.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_ia64.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_ia64.deb HP Precision http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_hppa.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_hppa.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_hppa.deb Motorola 680x0 http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_m68k.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_m68k.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_mips.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_mips.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_mipsel.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_mipsel.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_powerpc.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_powerpc.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_s390.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_s390.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_sparc.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_sparc.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_sparc.deb Mandrake Linux Mandrakelinux 9.2 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/squid-2.5.STABLE3-3.6.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/squid-2.5.STABLE3-3.6.92mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/squid-2.5.STABLE3-3.6.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/squid-2.5.STABLE3-3.6.92mdk.src.rpm Mandrakelinux 10.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/squid-2.5.STABLE4-2.4.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/squid-2.5.STABLE4-2.4.100mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/squid-2.5.STABLE4-2.4.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/squid-2.5.STABLE4-2.4.100mdk.src.rpm Mandrakelinux 10.1 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/squid-2.5.STABLE6-2.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/squid-2.5.STABLE6-2.3.101mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/squid-2.5.STABLE6-2.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/squid-2.5.STABLE6-2.3.101mdk.src.rpm Corporate Server 2.1 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/squid-2.4.STABLE7-2.4.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/squid-2.4.STABLE7-2.4.C21mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/squid-2.4.STABLE7-2.4.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/squid-2.4.STABLE7-2.4.C21mdk.src.rpm Corporate Server 3.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/squid-2.5.STABLE4-2.4.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/squid-2.5.STABLE4-2.4.C30mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/squid-2.5.STABLE4-2.4.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/squid-2.5.STABLE4-2.4.C30mdk.src.rpm SUSE Linux SUSE Linux 9.2 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/squid-2.5.STABLE6-6.6.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/squid-2.5.STABLE6-6.6.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/squid-2.5.STABLE6-6.6.src.rpm x86_64 ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/squid-2.5.STABLE6-6.6.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/squid-2.5.STABLE6-6.6.x86_64.patch.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/src/squid-2.5.STABLE6-6.6.src.rpm SUSE Linux 9.1 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/squid-2.5.STABLE5-42.27.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/squid-2.5.STABLE5-42.27.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/squid-2.5.STABLE5-42.27.src.rpm x86_64 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/squid-2.5.STABLE5-42.27.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/squid-2.5.STABLE5-42.27.x86_64.patch.rpm SUSE Linux 9.0 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/squid-2.5.STABLE3-118.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/squid-2.5.STABLE3-118.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/squid-2.5.STABLE3-118.src.rpm x86_64 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/squid-2.5.STABLE3-118.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/squid-2.5.STABLE3-118.x86_64.patch.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/squid-2.5.STABLE3-118.src.rpm SUSE Linux 8.2 x86 ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/squid-2.5.STABLE1-106.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/squid-2.5.STABLE1-106.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/squid-2.5.STABLE1-106.src.rpm SUSE Linux 8.1 x86 ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/squid-2.4.STABLE7-288.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/squid-2.4.STABLE7-288.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/squid-2.4.STABLE7-288.src.rpm Red Hat Linux Red Hat Desktop (v. 3) SRPMS squid-2.5.STABLE3-6.3E.7.src.rpm IA-32 squid-2.5.STABLE3-6.3E.7.i386.rpm x86_64 squid-2.5.STABLE3-6.3E.7.x86_64.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux AS (v. 2.1) SRPMS squid-2.4.STABLE7-1.21as.4.src.rpm IA-32 squid-2.4.STABLE7-1.21as.4.i386.rpm IA-64 squid-2.4.STABLE7-1.21as.4.ia64.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux AS (v. 3) SRPMS squid-2.5.STABLE3-6.3E.7.src.rpm IA-32 squid-2.5.STABLE3-6.3E.7.i386.rpm IA-64 squid-2.5.STABLE3-6.3E.7.ia64.rpm PPC squid-2.5.STABLE3-6.3E.7.ppc.rpm s390 squid-2.5.STABLE3-6.3E.7.s390.rpm s390x squid-2.5.STABLE3-6.3E.7.s390x.rpm x86_64 squid-2.5.STABLE3-6.3E.7.x86_64.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux ES (v. 2.1) SRPMS squid-2.4.STABLE7-1.21as.4.src.rpm IA-32 squid-2.4.STABLE7-1.21as.4.i386.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux ES (v. 3) SRPMS squid-2.5.STABLE3-6.3E.7.src.rpm IA-32 squid-2.5.STABLE3-6.3E.7.i386.rpm IA-64 squid-2.5.STABLE3-6.3E.7.ia64.rpm x86_64 squid-2.5.STABLE3-6.3E.7.x86_64.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux WS (v. 3) SRPMS squid-2.5.STABLE3-6.3E.7.src.rpm IA-32 squid-2.5.STABLE3-6.3E.7.i386.rpm IA-64 squid-2.5.STABLE3-6.3E.7.ia64.rpm x86_64 squid-2.5.STABLE3-6.3E.7.x86_64.rpm https://rhn.redhat.com/ Red Hat Linux Advanced Workstation 2.1 Itanium Processor SRPMS squid-2.4.STABLE7-1.21as.4.src.rpm IA-64 squid-2.4.STABLE7-1.21as.4.ia64.rpm https://rhn.redhat.com/ Red Hat Linux Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 4) https://rhn.redhat.com/
Standar resources
Property	Value
CVE	CAN-2005-0211
BID
Other resources
Squid Proxy Cache Security Update Advisory SQUID-2005:3 http://www.squid-cache.org/Advisories/SQUID-2005_3.txt Debian Security Advisory DSA 667-1 http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00044.html Mandrakesoft Security Advisories MDKSA-2005:034 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:034 SUSE Security Announcement SUSE-SA:2005:006 http://www.novell.com/linux/security/advisories/2005_06_squid.html Red Hat Security Advisory RHSA-2005:061-19 https://rhn.redhat.com/errata/RHSA-2005-061.html Red Hat Security Advisory RHSA-2005:060-20 https://rhn.redhat.com/errata/RHSA-2005-060.html

Version history
Version	Comments	Date
1.0	Aviso emitido	2005-02-01
1.1	Aviso emitido por Debian (DSA 667-1). CAN añadido.	2005-02-07
1.2	Aviso emitido por Mandrake (MDKSA-2005:034). Aviso emitido por SUSE (SUSE-SA:2005:006).	2005-02-11
1.3	Aviso emitido por Red Hat (RHSA-2005:061-19)	2005-02-14
1.4	Aviso emitido por Red Hat (RHSA-2005:060-20)	2005-02-16

Vulnerability Bulletins

Desbordamiento de búfer en Squid

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history