Miembros de
Boletines de Vulnerabilidades |
Múltiples vulnerabilidades en squid |
|
Clasificación de la vulnerabilidad |
|
| Propiedad | Valor |
| Nivel de Confianza | Oficial |
| Impacto | Denegación de Servicio |
| Dificultad | Avanzado |
| Requerimientos del atacante | Acceso remoto sin cuenta a un servicio estandar |
Información sobre el sistema |
|
| Propiedad | Valor |
| Fabricante afectado | GNU/Linux |
| Software afectado | squid <= 2.5.STABLE7 |
Descripción |
|
|
Se han decubierto varias vulnerabilidades en squid: CAN-2005-0094 - Se ha encontrado un desbordamiento de búfer en el parseador de las respuestas de Gopher el cual podría conllevar a ina corrupción de memoria y posiblemente a un bloqueo de Squid. CAN-2005-0095 - Existe una vulnerabilidad de desbordamiento de entero en los mensajes WCCP (Web Cache Communication Protocol).Un atacante podría enviar un datagrama UDP especialmente diseñado con el fin de bloquear Squid. |
|
Solución |
|
|
Actualización de software Squid Parche para Squid 2.5 http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch Debian Linux Debian Linux 3.0 Source: http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5.dsc http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5.diff.gz http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6.orig.tar.gz Alpha: http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_alpha.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_alpha.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_alpha.deb ARM: http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_arm.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_arm.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_arm.deb Intel IA-32: http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_i386.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_i386.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_i386.deb Intel IA-64: http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_ia64.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_ia64.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_ia64.deb HPPA: http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_hppa.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_hppa.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_hppa.deb Motorola 680x0: http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_m68k.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_m68k.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_m68k.deb Big endian MIPS: http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_mips.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_mips.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_mips.deb Little endian MIPS: http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_mipsel.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_mipsel.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_mipsel.deb PowerPC: http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_powerpc.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_powerpc.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_powerpc.deb IBM S/390: http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_s390.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_s390.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_s390.deb Sun Sparc: http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_sparc.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_sparc.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_sparc.deb Mandrake Linux Mandrakelinux 9.2 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/squid-2.5.STABLE3-3.5.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/squid-2.5.STABLE3-3.5.92mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/squid-2.5.STABLE3-3.5.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/squid-2.5.STABLE3-3.5.92mdk.src.rpm Mandrakelinux 10.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/squid-2.5.STABLE4-2.3.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/squid-2.5.STABLE4-2.3.100mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/squid-2.5.STABLE4-2.3.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/squid-2.5.STABLE4-2.3.100mdk.src.rpm Mandrakelinux 10.1 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/squid-2.5.STABLE6-2.2.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/squid-2.5.STABLE6-2.2.101mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/squid-2.5.STABLE6-2.2.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/squid-2.5.STABLE6-2.2.101mdk.src.rpm Mandrake Corporate Server 2.1 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/squid-2.4.STABLE7-2.3.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/squid-2.4.STABLE7-2.3.C21mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/squid-2.4.STABLE7-2.3.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/squid-2.4.STABLE7-2.3.C21mdk.src.rpm Mandrake Corporate Server 3.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/squid-2.5.STABLE4-2.3.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/squid-2.5.STABLE4-2.3.C30mdk.src.rpm SUSE Linux Distribuciones basadas en SUSE Linux - Actualizar mediante YaST Online Update SUSE Linux SUSE Linux 9.2 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/squid-2.5.STABLE6-6.6.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/squid-2.5.STABLE6-6.6.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/squid-2.5.STABLE6-6.6.src.rpm x86_64 ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/squid-2.5.STABLE6-6.6.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/squid-2.5.STABLE6-6.6.x86_64.patch.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/src/squid-2.5.STABLE6-6.6.src.rpm SUSE Linux 9.1 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/squid-2.5.STABLE5-42.27.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/squid-2.5.STABLE5-42.27.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/squid-2.5.STABLE5-42.27.src.rpm x86_64 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/squid-2.5.STABLE5-42.27.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/squid-2.5.STABLE5-42.27.x86_64.patch.rpm SUSE Linux 9.0 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/squid-2.5.STABLE3-118.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/squid-2.5.STABLE3-118.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/squid-2.5.STABLE3-118.src.rpm x86_64 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/squid-2.5.STABLE3-118.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/squid-2.5.STABLE3-118.x86_64.patch.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/squid-2.5.STABLE3-118.src.rpm SUSE Linux 8.2 x86 ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/squid-2.5.STABLE1-106.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/squid-2.5.STABLE1-106.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/squid-2.5.STABLE1-106.src.rpm SUSE Linux 8.1 x86 ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/squid-2.4.STABLE7-288.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/squid-2.4.STABLE7-288.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/squid-2.4.STABLE7-288.src.rpm Red Hat Linux Red Hat Desktop (v. 3) SRPMS squid-2.5.STABLE3-6.3E.7.src.rpm IA-32 squid-2.5.STABLE3-6.3E.7.i386.rpm x86_64 squid-2.5.STABLE3-6.3E.7.x86_64.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux AS (v. 2.1) SRPMS squid-2.4.STABLE7-1.21as.4.src.rpm IA-32 squid-2.4.STABLE7-1.21as.4.i386.rpm IA-64 squid-2.4.STABLE7-1.21as.4.ia64.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux AS (v. 3) SRPMS squid-2.5.STABLE3-6.3E.7.src.rpm IA-32 squid-2.5.STABLE3-6.3E.7.i386.rpm IA-64 squid-2.5.STABLE3-6.3E.7.ia64.rpm PPC squid-2.5.STABLE3-6.3E.7.ppc.rpm s390 squid-2.5.STABLE3-6.3E.7.s390.rpm s390x squid-2.5.STABLE3-6.3E.7.s390x.rpm x86_64 squid-2.5.STABLE3-6.3E.7.x86_64.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux ES (v. 2.1) SRPMS squid-2.4.STABLE7-1.21as.4.src.rpm IA-32 squid-2.4.STABLE7-1.21as.4.i386.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux ES (v. 3) SRPMS squid-2.5.STABLE3-6.3E.7.src.rpm IA-32 squid-2.5.STABLE3-6.3E.7.i386.rpm IA-64 squid-2.5.STABLE3-6.3E.7.ia64.rpm x86_64 squid-2.5.STABLE3-6.3E.7.x86_64.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux WS (v. 3) SRPMS squid-2.5.STABLE3-6.3E.7.src.rpm IA-32 squid-2.5.STABLE3-6.3E.7.i386.rpm IA-64 squid-2.5.STABLE3-6.3E.7.ia64.rpm x86_64 squid-2.5.STABLE3-6.3E.7.x86_64.rpm https://rhn.redhat.com/ Red Hat Linux Advanced Workstation 2.1 Itanium Processor SRPMS squid-2.4.STABLE7-1.21as.4.src.rpm IA-64 squid-2.4.STABLE7-1.21as.4.ia64.rpm https://rhn.redhat.com/ Red Hat Linux Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 4) https://rhn.redhat.com/ |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE |
CAN-2005-0094 CAN-2005-0095 |
| BID | |
Recursos adicionales |
|
|
Squid Proxy Cache Security Update Advisory SQUID-2005:1 http://www.squid-cache.org/Advisories/SQUID-2005_1.txt Squid Proxy Cache Security Update Advisory SQUID-2005:2 http://www.squid-cache.org/Advisories/SQUID-2005_2.txt Debian Security Advisory DSA-651-1 http://www.nl.debian.org/security/2005/dsa-651 Mandrakesoft Security Advisories MDKSA-2005:014 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:014 SUSE Security Summary Report SUSE-SR:2005:003 http://www.novell.com/linux/security/advisories/2005_03_sr.html SUSE Security Announcement SUSE-SA:2005:006 http://www.novell.com/linux/security/advisories/2005_06_squid.html Red Hat Security Advisory RHSA-2005:061-19 https://rhn.redhat.com/errata/RHSA-2005-061.html Red Hat Security Advisory RHSA-2005:060-20 https://rhn.redhat.com/errata/RHSA-2005-060.html |
|
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Aviso emitido | 2005-01-21 |
| 1.1 | Aviso emitido por Mandrake (MDKSA-2005:014) | 2005-01-25 |
| 1.2 | Aviso emitido por SUSE (SUSE-SR:2005:003) | 2005-02-07 |
| 1.3 | Aviso emitido por SUSE (SUSE-SA:2005:006) | 2005-02-11 |
| 1.4 | Aviso emitido por Red Hat (RHSA-2005:061-19) | 2005-02-14 |
| 1.5 | Aviso emitido por Red Hat (RHSA-2005:060-20) | 2005-02-16 |