The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Squid cache

vulnerability announcement CVE-2018-1172

Squid cache: denial of service via ESI Response

Synthesis of the vulnerability

An attacker can generate a fatal error via ESI Response of Squid cache, in order to trigger a denial of service.
Impacted products: openSUSE Leap, Squid, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet server.
Creation date: 18/04/2018.
Identifiers: CERTFR-2018-AVI-192, CVE-2018-1172, openSUSE-SU-2018:1135-1, SQUID-2018:3, SUSE-SU-2018:1365-1, VIGILANCE-VUL-25912, ZDI-18-309.

Description of the vulnerability

An attacker can generate a fatal error via ESI Response of Squid cache, in order to trigger a denial of service.

vulnerability note CVE-2018-1000024 CVE-2018-1000027

Squid cache: denial of service

Synthesis of the vulnerability

An attacker can generate a fatal error of Squid cache, in order to trigger a denial of service.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, Squid, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 22/01/2018.
Identifiers: bulletinjul2018, CERTFR-2018-AVI-046, CVE-2018-1000024, CVE-2018-1000027, DLA-1266-1, DLA-1267-1, DSA-4122-1, FEDORA-2018-4fabf63492, openSUSE-SU-2018:0647-1, SQUID-2018:1, SQUID-2018:2, USN-3557-1, VIGILANCE-VUL-25134.

Description of the vulnerability

An attacker can generate a fatal error of Squid cache, in order to trigger a denial of service.

computer vulnerability announcement CVE-2016-10002 CVE-2016-10003

Squid cache: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Squid cache.
Impacted products: Debian, Fedora, openSUSE Leap, RHEL, Squid, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, client access/rights, data reading.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 19/12/2016.
Identifiers: CERTFR-2016-AVI-422, CVE-2016-10002, CVE-2016-10003, DLA-763-1, DSA-3745-1, FEDORA-2016-c614315d29, openSUSE-SU-2017:0192-1, RHSA-2017:0182-01, RHSA-2017:0183-01, USN-3192-1, VIGILANCE-VUL-21417.

Description of the vulnerability

Several vulnerabilities were announced in Squid cache.

When the configuration directive collapsed_forwarding is enabled, an attacker can request a URL with specially crafted headers, to get the response which was cached while processing a request for a previous client, in order to get the response body of the initial client. [severity:3/4; CVE-2016-10003]

An attacker can request a URL with a specially crafted If-None-Modified header, to get the response which was cached while processing a request for a previous client, in order to get the response body of the initial client, including session cookies and the associated access rights. [severity:3/4; CVE-2016-10002]

computer vulnerability bulletin CVE-2016-4553 CVE-2016-4554 CVE-2016-4555

Squid: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Squid.
Impacted products: Debian, Fedora, openSUSE Leap, RHEL, Squid, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 3.
Creation date: 09/05/2016.
Identifiers: CERTFR-2016-AVI-157, CVE-2016-4553, CVE-2016-4554, CVE-2016-4555, CVE-2016-4556, DLA-478-1, DLA-556-1, DLA-558-1, DSA-3625-1, FEDORA-2016-95edf19d8a, FEDORA-2016-b3b9407940, openSUSE-SU-2016:2081-1, RHSA-2016:1138-01, RHSA-2016:1139-01, RHSA-2016:1140-01, SQUID-2016:7, SQUID-2016:8, SQUID-2016:9, SUSE-SU-2016:1996-1, SUSE-SU-2016:2089-1, USN-2995-1, VIGILANCE-VUL-19548.

Description of the vulnerability

Several vulnerabilities were announced in Squid.

A script in the web browser of a client can poison the cache, in order to deceive other clients. [severity:3/4; CVE-2016-4553, SQUID-2016:7]

A special web client can poison the cache, in order to deceive other clients. [severity:2/4; CVE-2016-4554, SQUID-2016:8]

An attacker can trigger a fatal error in the processing of ESI responses, in order to trigger a denial of service. [severity:2/4; CVE-2016-4555, CVE-2016-4556, SQUID-2016:9]

vulnerability bulletin CVE-2016-4051 CVE-2016-4052 CVE-2016-4053

Squid: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Squid.
Impacted products: Debian, Fedora, openSUSE Leap, RHEL, Squid, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 20/04/2016.
Identifiers: CERTFR-2016-AVI-141, CVE-2016-4051, CVE-2016-4052, CVE-2016-4053, CVE-2016-4054, DLA-478-1, DLA-556-1, DSA-3625-1, FEDORA-2016-95edf19d8a, FEDORA-2016-b3b9407940, openSUSE-SU-2016:2081-1, RHSA-2016:1138-01, RHSA-2016:1139-01, RHSA-2016:1140-01, SQUID-2016:5, SQUID-2016:6, SUSE-SU-2016:1996-1, SUSE-SU-2016:2089-1, USN-2995-1, VIGILANCE-VUL-19423.

Description of the vulnerability

Several vulnerabilities were announced in Squid.

An attacker can generate a buffer overflow in cachemgr.cgi, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4051, SQUID-2016:5]

An attacker can generate a buffer overflow in Squid ESI, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4052, CVE-2016-4053, CVE-2016-4054, SQUID-2016:6]

computer vulnerability note CVE-2016-3947 CVE-2016-3948

Squid: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Squid.
Impacted products: Fedora, openSUSE Leap, RHEL, Squid, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 2.
Creation date: 04/04/2016.
Identifiers: CERTFR-2016-AVI-112, CVE-2016-3947, CVE-2016-3948, FEDORA-2016-95edf19d8a, FEDORA-2016-b3b9407940, openSUSE-SU-2016:2081-1, RHSA-2016:2600-02, SQUID-2016:3, SQUID-2016:4, SUSE-SU-2016:1996-1, SUSE-SU-2016:2089-1, USN-2995-1, USN-3557-1, VIGILANCE-VUL-19289.

Description of the vulnerability

Several vulnerabilities were announced in Squid.

An attacker can set up a malicious web server, which answers with large ICMPv6 data, to force the Pinger to stop, or to write a memory fragment in the log with root privileges. [severity:2/4; CVE-2016-3947, SQUID-2016:3]

An attacker can force an assertion error with an HTTP Vary header, in order to trigger a denial of service. [severity:2/4; CVE-2016-3948, SQUID-2016:4]

computer vulnerability bulletin CVE-2016-2569 CVE-2016-2570 CVE-2016-2571

Squid: assertion error via Large HTTP Response

Synthesis of the vulnerability

An attacker can use an HTTP reply containing a large header, to force an assertion error in Squid, in order to trigger a denial of service.
Impacted products: Debian, openSUSE Leap, RHEL, Squid, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 4.
Creation date: 24/02/2016.
Identifiers: CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, DSA-3522-1, openSUSE-SU-2016:2081-1, RHSA-2016:2600-02, SQUID-2016:2, SUSE-SU-2016:1996-1, SUSE-SU-2016:2089-1, USN-2921-1, USN-3557-1, VIGILANCE-VUL-19018.

Description of the vulnerability

The Squid proxy analyzes HTTP replies from servers.

However, when a reply contains an HTTP header larger than 64k bytes, an assertion error occurs because developers did not expect this case, which stops the process.

An attacker can therefore use an HTTP reply containing a large header, to force an assertion error in Squid, in order to trigger a denial of service.

vulnerability bulletin CVE-2016-2390

Squid: denial of service via TLS

Synthesis of the vulnerability

An attacker can trigger an error in TLS connection management between Squid and remote servers, in order to trigger a denial of service.
Impacted products: Squid, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet server.
Creation date: 16/02/2016.
Identifiers: CERTFR-2016-AVI-067, CVE-2016-2390, SQUID-2016:1, SUSE-SU-2016:1996-1, SUSE-SU-2016:2089-1, VIGILANCE-VUL-18953.

Description of the vulnerability

The Squid product may be built with OpenSSL to manage TLS connections.

One may configure Squid to use TLS between the proxy and the remote server even if TLS is not used between the client and the proxy. However, in case of connection errors, Squid may attempt to connect again with 2 parallel TCP connections. This case is not handled and will lead to proxy malfunction or proxy abort.

An attacker can therefore trigger an error in TLS connection management between Squid and remote servers, in order to trigger a denial of service.

computer vulnerability bulletin 17928

Squid cache: two vulnerabilities of SslBump

Synthesis of the vulnerability

Several vulnerabilities were announced in Squid cache, configured in ssl-bump mode.
Impacted products: Squid.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 18/09/2015.
Identifiers: 4309, CERTFR-2015-AVI-456, SQUID-2015:3, VIGILANCE-VUL-17928.

Description of the vulnerability

Several vulnerabilities were announced in Squid cache, configured in ssl-bump mode.

An attacker can generate an infinite loop in the TLS extension detection function, in order to trigger a denial of service. [severity:2/4]

An attacker can generate an integer overflow with a TLS extension, in order to trigger a denial of service. [severity:1/4]

computer vulnerability bulletin CVE-2015-5400

Squid cache: access control bypass with CONNECT commands

Synthesis of the vulnerability

An attacker can send a CONNECT command to a Squid cache, for instance in order to bypass IP filtering.
Impacted products: Debian, Fedora, openSUSE Leap, Squid, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: privileged access/rights, disguisement.
Provenance: document.
Creation date: 07/07/2015.
Identifiers: CVE-2015-5400, DSA-3327-1, FEDORA-2016-7b40eb9e29, openSUSE-SU-2016:2081-1, SQUID-2015:2, SUSE-SU-2016:1996-1, SUSE-SU-2016:2089-1, VIGILANCE-VUL-17318.

Description of the vulnerability

The Squid cache product is notably an HTTP cache. It can be used cascaded with other proxies.

The HTTP command CONNECT is used to create a direct tunnel between the end client and the end server. In this case, the cache only forwards TCP data without examining it. This is most often used to start TLS tunnels. However, Squid does not check whether the CONNECT command is accepted by the end server or the next cache. When it is rejected, Squid continues to relay TCP data, and so makes the server believe that it is communicating with an ordinary client whose IP address is that of the Squid host.

An attacker can therefore send a CONNECT command to a Squid cache, for instance in order to bypass IP filtering.