The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Squid: denial of service of SNMP agent

Synthesis of the vulnerability 

By sending a malformed SNMP packet to the SNMP agent of Squid, a network attacker can crash it.
Vulnerable systems: Debian, Fedora, Mandriva Linux, openSUSE, RHEL, RedHat Linux, Squid.
Severity of this threat: 1/4.
Creation date: 12/10/2004.
Revisions dates: 14/10/2004, 21/10/2004, 22/10/2004, 25/10/2004, 29/10/2004, 30/06/2008.
References for this weakness: BID-11385, CERTA-2004-AVI-348, CVE-2004-0918, DSA-576, DSA-576-1, FEDORA-2004-338, FEDORA-2008-6045, FLSA-2006:152809, MDKSA-2004:112, RHSA-2004:591, SQUID-2004:3, SQUID-2008:1, SUSE-SR:2008:014, V6-SQUIDSNMPASN1PARSEDOS, VIGILANCE-VUL-4436.

Description of the vulnerability 

The Squid proxy includes an SNMP agent that administrators use to query cache statistics. The agent has to be compiled into Squid (the --enable-snmp build option) and listens on the UDP port set by the snmp_port directive in squid.conf (3401 is the conventional value; 0 disables the agent).

SNMP encodes its messages with ASN.1 BER. In Squid, the asn_parse_header() function in snmplib/asn1.c decodes the header of each element: the type byte and the length field that states how many content bytes follow.

However, a specially crafted SNMP packet makes asn_parse_header() fail in a way that crashes the Squid process (the vendor patch is named SNMP_core_dump). The supervising parent process restarts the child, so the cache is unavailable while it reloads, and a stream of such packets keeps it down. The public CVE-2004-0918 record attributes the crash to a negative length field in the ASN.1 header, which the unpatched code used without validation.

Any attacker who can deliver UDP packets to Squid's SNMP port can therefore cause a denial of service. No valid community string is needed: the malformed packet is rejected inside the decoder, before the community string and the snmp_access ACLs are consulted, so those controls do not mitigate the issue.
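As an added illustration of the bug class (example code written for this page, not Squid's own snmplib): a minimal ASN.1 BER header parser written twice, once trusting the length field the way the unpatched code did, and once validating it before use. The sample packets are constructed, not captured traffic, and all function names are my own; only the BER header layout comes from the standard.

```c
/*
 * Added example, not Squid's own code: a minimal ASN.1 BER header parser in
 * the style of SNMP's asn_parse_header(), written twice.  naive_parse_header()
 * reproduces the bug class behind CVE-2004-0918 (the length field is trusted
 * and stored in a signed int); parse_header() validates it before use.
 *
 * BER header layout: one type byte, then the content length.  A length byte
 * below 0x80 is the length itself; otherwise its low 7 bits give how many
 * following bytes hold the length, big-endian.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample packets (not captured traffic). */
static const uint8_t pkt_short[]     = {0x30, 0x03, 0x02, 0x01, 0x00};          /* SEQUENCE { INTEGER 0 } */
static const uint8_t pkt_long[]      = {0x04, 0x81, 0x02, 'o', 'k'};            /* OCTET STRING "ok", long-form length */
static const uint8_t pkt_negative[]  = {0x30, 0x84, 0xff, 0xff, 0xff, 0xff};    /* 4-byte length 0xffffffff: -1 as int */
static const uint8_t pkt_truncated[] = {0x30, 0x82, 0x01};                      /* claims 2 length bytes, only 1 present */
static const uint8_t pkt_oversized[] = {0x30, 0x89, 0, 0, 0, 0, 0, 0, 0, 0, 0}; /* 9 length bytes: more than size_t holds */

/* Bug-class reproduction: accumulates the length with no bound checks and hands
 * it back as a signed int.  A caller that uses *len as a copy or allocation
 * size gets a negative or enormous value.  Never use this on untrusted input. */
static int naive_parse_header(const uint8_t *buf, size_t buflen, uint8_t *type, int *len)
{
    size_t pos = 0;
    if (buflen < 2)
        return -1;
    *type = buf[pos++];
    uint8_t lb = buf[pos++];
    if (lb < 0x80) {
        *len = lb;
        return (int)pos;
    }
    int nbytes = lb & 0x7f;
    uint32_t value = 0;
    for (int i = 0; i < nbytes; i++)     /* no check that nbytes <= 4 or that the bytes exist */
        value = (value << 8) | buf[pos++];
    *len = (int)value;                   /* 0xffffffff becomes -1 */
    return (int)pos;
}

typedef enum { ASN_OK = 0, ASN_TRUNCATED, ASN_BAD_LENGTH, ASN_TOO_LONG } asn_status;

/* Hardened parse: every byte is checked against buflen before it is read, the
 * length is unsigned, and the content must fit inside the datagram received.
 * *hdrlen (bytes consumed by the header) is written only on ASN_OK. */
static asn_status parse_header(const uint8_t *buf, size_t buflen,
                               uint8_t *type, size_t *len, size_t *hdrlen)
{
    size_t pos = 0;
    if (buflen < 2)
        return ASN_TRUNCATED;
    *type = buf[pos++];
    uint8_t lb = buf[pos++];
    if (lb < 0x80) {
        *len = lb;
    } else {
        size_t nbytes = lb & 0x7f;
        /* 0x80 is the indefinite form (not allowed in SNMP); more length bytes
         * than size_t can hold cannot describe a real UDP datagram. */
        if (nbytes == 0 || nbytes > sizeof(size_t))
            return ASN_BAD_LENGTH;
        if (nbytes > buflen - pos)
            return ASN_TRUNCATED;
        size_t value = 0;
        for (size_t i = 0; i < nbytes; i++)
            value = (value << 8) | buf[pos++];
        *len = value;
    }
    if (*len > buflen - pos)             /* content must lie within the datagram */
        return ASN_TOO_LONG;
    *hdrlen = pos;
    return ASN_OK;
}

/* Small wrappers so results can be checked without unpacking out-parameters. */
static asn_status check_packet(const uint8_t *buf, size_t buflen)
{
    uint8_t type; size_t len = 0, hdrlen = 0;
    return parse_header(buf, buflen, &type, &len, &hdrlen);
}

static size_t checked_len(const uint8_t *buf, size_t buflen)
{
    uint8_t type; size_t len = 0, hdrlen = 0;
    return parse_header(buf, buflen, &type, &len, &hdrlen) == ASN_OK ? len : 0;
}

static int naive_len(const uint8_t *buf, size_t buflen)
{
    uint8_t type; int len = 0;
    naive_parse_header(buf, buflen, &type, &len);
    return len;
}

int main(void)
{
    static const char *names[] = {"ok", "truncated", "bad length", "too long"};
    printf("naive length of crafted packet: %d\n", naive_len(pkt_negative, sizeof pkt_negative));
    printf("hardened: short=%s long=%s crafted=%s truncated=%s oversized=%s\n",
           names[check_packet(pkt_short, sizeof pkt_short)],
           names[check_packet(pkt_long, sizeof pkt_long)],
           names[check_packet(pkt_negative, sizeof pkt_negative)],
           names[check_packet(pkt_truncated, sizeof pkt_truncated)],
           names[check_packet(pkt_oversized, sizeof pkt_oversized)]);
    return 0;
}
```

The naive version is called only on the crafted packet whose length bytes are all present, so the demonstration itself stays in bounds; the point is the -1 it returns, which a caller would feed into a copy or allocation. The hardened version rejects the same packet as "too long" because the claimed content cannot fit in the datagram, which is the check a parser of any length-prefixed format needs before it touches the content.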

This security bulletin impacts software or systems such as Debian, Fedora, Mandriva Linux, openSUSE, RHEL, RedHat Linux, Squid.

Our Vigil@nce team rated the severity of this security announcement as low.

Trust level: confirmed by the vendor. Attack origin: intranet client (the attacker needs UDP access to the SNMP port).

An attacker with expert skills can exploit this vulnerability.

Solutions for this threat 

Squid: version 2.5.STABLE7.
Version Squid-2.5.STABLE7 is fixed:
  http://www.squid-cache.org/
  
A patch is also available:
  http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE6-SNMP_core_dump.patch
As a workaround, disable SNMP support in squid.conf (snmp_port 0), or bind the agent to an internal address only (snmp_incoming_address address). Note that snmp_incoming_address only selects the interface the socket binds to; any host that can reach that interface can still send the packet, so also filter the UDP port (3401 unless changed) at the host or network firewall. The snmp_access ACLs do not help here, because the packet is decoded before they are evaluated.

Squid: version 3.0.STABLE7.
Version 3.0.STABLE7 is fixed:
  http://www.squid-cache.org/

Debian: new squid packages.
New packages are available:
  Source:
    http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4.dsc
      Size/MD5 checksum: 612 ecf99211ec91dfb34bd6089ec9ae1b53
    http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4.diff.gz
      Size/MD5 checksum: 226359 4e6ade338491ef8569035c4aecc855ef
    http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6.orig.tar.gz
      Size/MD5 checksum: 1081920 59ce2c58da189626d77e27b9702ca228
  Intel IA-32:
    http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_i386.deb
      Size/MD5 checksum: 684008 0a09e40e20659cebdbab638f1cbc009b
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_i386.deb
      Size/MD5 checksum: 72762 9e32b4f77446d9172b381f52f18a11eb
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_i386.deb
      Size/MD5 checksum: 57912 5b8e0c713676845dc5a7263a44dd56cd

Fedora 9: new squid packages.
New packages are available:
  squid-3.0.STABLE7-1.fc9

Fedora: new squid packages.
New packages are available:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
b186266417cde4ae107590c2a57529e3 SRPMS/squid-2.5.STABLE5-4.fc2.2.src.rpm
4ec79efd0c0adc7374814f60fefea25b x86_64/squid-2.5.STABLE5-4.fc2.2.x86_64.rpm
40c4b0a65a0a9696bb24b5c3a9fbad3d x86_64/debug/squid-debuginfo-2.5.STABLE5-4.fc2.2.x86_64.rpm
be53dc7d7978aa246739670e1f994402 i386/squid-2.5.STABLE5-4.fc2.2.i386.rpm
7f9c55b03369c0985fab4c56bab719f0 i386/debug/squid-debuginfo-2.5.STABLE5-4.fc2.2.i386.rpm

Mandrake: new squid packages.
New packages are available:
 Mandrakelinux 10.0:
 73fa6afb48cd0c9985ff1ca0fe4502e6 10.0/RPMS/squid-2.5.STABLE4-2.2.100mdk.i586.rpm
 6c927aa442c77b743f7861b05930cf9d 10.0/SRPMS/squid-2.5.STABLE4-2.2.100mdk.src.rpm
 Mandrakelinux 10.0/AMD64:
 197673fc1350ee72516f28a1bced5125 amd64/10.0/RPMS/squid-2.5.STABLE4-2.2.100mdk.amd64.rpm
 6c927aa442c77b743f7861b05930cf9d amd64/10.0/SRPMS/squid-2.5.STABLE4-2.2.100mdk.src.rpm
 Mandrakelinux 9.2:
 a026dc8229fddb9072b9029f2cf9c0e9 9.2/RPMS/squid-2.5.STABLE3-3.4.92mdk.i586.rpm
 a09fa332b5f211305012012ca24e59d2 9.2/SRPMS/squid-2.5.STABLE3-3.4.92mdk.src.rpm
 Mandrakelinux 9.2/AMD64:
 52a4d17751414ac7a5f3c091ef4b1c48 amd64/9.2/RPMS/squid-2.5.STABLE3-3.4.92mdk.amd64.rpm
 a09fa332b5f211305012012ca24e59d2 amd64/9.2/SRPMS/squid-2.5.STABLE3-3.4.92mdk.src.rpm

Red Hat Linux, Fedora Core: new squid packages.
New packages are available:
Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/squid-2.4.STABLE7-0.73.3.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/squid-2.4.STABLE7-0.73.3.legacy.i386.rpm
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/squid-2.5.STABLE1-9.10.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/squid-2.5.STABLE1-9.10.legacy.i386.rpm
Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/squid-2.5.STABLE3-2.fc1.6.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/squid-2.5.STABLE3-2.fc1.6.legacy.i386.rpm
Fedora Core 2:
SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/squid-2.5.STABLE9-1.FC2.4.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/squid-2.5.STABLE9-1.FC2.4.legacy.i386.rpm

RHEL: new squid packages.
New packages are available:
Red Hat Enterprise Linux version 2.1: squid-2.4.STABLE7-1.21as
Red Hat Enterprise Linux version 3: squid-2.5.STABLE3-6.3E.2

SUSE: new packages (summary report SUSE-SR:2008:014, covering sudo, courier-authlib, gnome-screensaver, clamav, squid, etc.).
New packages are available.
