Gentoo Archives: gentoo-announce

From: Luke Macken <lewk@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××.com, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200410-15 ] Squid: Remote DoS vulnerability
Date: Mon, 18 Oct 2004 19:16:51
Message-Id: 1098126928.18003.3.camel@tomservo.rh.rit.edu
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Squid: Remote DoS vulnerability
Date: October 18, 2004
Bugs: #67167
ID: 200410-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Squid contains a vulnerability in the SNMP module which may lead to a
denial of service.

Background
==========

Squid is a full-featured Web proxy cache designed to run on Unix
systems. It supports proxying and caching of HTTP, FTP, and other URLs,
as well as SSL support, cache hierarchies, transparent caching, access
control lists and many other features.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-proxy/squid < 2.5.7 >= 2.5.7

Description
===========

A parsing error exists in the SNMP module of Squid where a
specially-crafted UDP packet can potentially cause the server to
restart, closing all current connections. This vulnerability only
exists in versions of Squid compiled with the 'snmp' USE flag.

Impact
======

An attacker can repeatedly send these malicious UDP packets to the
Squid server, leading to a denial of service.

Workaround
==========

Disable SNMP support or filter the port that has SNMP processing
(default is 3401) to allow only SNMP data from trusted hosts.

To disable SNMP support put the entry snmp_port 0 in the squid.conf
configuration file.

To allow only the local interface to process SNMP, add the entry
"snmp_incoming_address 127.0.0.1" in the squid.conf configuration file.
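
Verifying that a squid.conf really applies the workaround is easy to get wrong: Squid honours the last occurrence of a directive, and an absent snmp_port falls back to the 3401 default. The checker below is an added example and not part of this advisory; it assumes Squid 2.5 defaults (snmp_port 3401, snmp_incoming_address 0.0.0.0) and cannot tell whether the binary was built with the 'snmp' USE flag.

```python
"""Audit a squid.conf for the SNMP exposure described in GLSA 200410-15.

Added example, not part of the advisory. Assumes Squid 2.5 semantics:
snmp_port defaults to 3401 when absent, snmp_port 0 disables the
listener, and snmp_incoming_address defaults to all interfaces.
"""

DEFAULT_SNMP_PORT = 3401      # default SNMP port named in the advisory
DEFAULT_SNMP_ADDR = "0.0.0.0"  # Squid 2.5 default: listen on every interface


def parse_snmp_settings(conf_text):
    """Return (port, address) as Squid would apply them: the last
    occurrence of a directive wins; '#' comments and blank lines are ignored."""
    port, address = DEFAULT_SNMP_PORT, DEFAULT_SNMP_ADDR
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] == "snmp_port" and len(parts) >= 2:
            port = int(parts[1])
        elif parts[0] == "snmp_incoming_address" and len(parts) >= 2:
            address = parts[1]
    return port, address


def snmp_exposure(conf_text):
    """Classify a config as 'disabled', 'loopback-only' or 'exposed'."""
    port, address = parse_snmp_settings(conf_text)
    if port == 0:
        return "disabled"
    if address.startswith("127."):
        return "loopback-only"
    return "exposed"


# Constructed sample configurations for demonstration.
DEFAULT_CONF = "http_port 3128\ncache_mem 8 MB\n"            # no SNMP directives
DISABLED_CONF = "snmp_port 3401\n# later override\nsnmp_port 0\n"
LOCAL_CONF = "snmp_port 3401\nsnmp_incoming_address 127.0.0.1\n"

if __name__ == "__main__":
    for name, conf in [("default", DEFAULT_CONF), ("disabled", DISABLED_CONF),
                       ("local", LOCAL_CONF)]:
        print(name, snmp_exposure(conf))
```

A config with no SNMP directives at all is reported as exposed on purpose, since a build with the 'snmp' USE flag would then listen on 3401 on every interface.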

Resolution
==========

All Squid users should upgrade to the latest version:

# emerge sync

# emerge -pv ">=www-proxy/squid-2.5.7"
# emerge ">=www-proxy/squid-2.5.7"

References
==========

[ 1 ] iDEFENSE Advisory
http://www.idefense.com/application/poi/display?id=152&type=vulnerabilities&flashstatus=true

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200410-15.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0
