Bug 917474 - net-proxy/squid: Improper Validation of Specified Index
Status: RESOLVED DUPLICATE of bug 916334
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://github.com/squid-cache/squid/...
Whiteboard: B3 [ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2023-11-17 07:23 UTC by Jarkko Suominen
Modified: 2023-11-17 15:10 UTC

See Also:
Package list:
Runtime testing required: ---

Description Jarkko Suominen 2023-11-17 07:23:38 UTC
Due to an Improper Validation of Specified Index bug, Squid is vulnerable to a Denial of Service attack against SSL Certificate validation.

This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain.

This attack is limited to HTTPS and SSL-Bump.


Affected versions
3.3.0.1 - 5.9 and 6.0 - 6.3

Current stable version in Gentoo tree is 5.7-r1 and latest unstable is 6.2.

This vulnerability has been patched in 6.4 but there are patches for other versions as well:
Patches addressing this problem for the stable releases can be found in our patch archives:
Squid 5: http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch
Squid 6: http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch
Comment 1 Jarkko Suominen 2023-11-17 07:54:30 UTC
There were more vulnerabilities that are affecting versions below 6.4.



https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w

Affected versions: 5.0.3-5.9, 6.0-6.3

Due to an Incorrect Conversion between Numeric Types bug Squid is vulnerable to a Denial of Service attack against FTP Native Relay input validation.

Due to an Incorrect Conversion between Numeric Types bug Squid is vulnerable to a Denial of Service attack against ftp:// URL validation and access control.



https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh

Affected versions: 2.6-6.3

Due to chunked decoder lenience Squid is vulnerable to Request/Response smuggling attacks when parsing HTTP/1.1 and ICAP messages.

This problem allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems when the upstream server interprets the chunked encoding syntax differently from Squid.

This attack is limited to the HTTP/1.1 and ICAP protocols which support receiving Transfer-Encoding:chunked.



https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g

Affected versions: 3.2.0.1-5.9, 6.0-6.3

Due to a buffer overflow bug Squid is vulnerable to a Denial of Service attack against HTTP Digest Authentication.

This problem allows a remote client to perform a buffer overflow attack, writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.

On machines with advanced memory protections this will result in a Denial of Service against all users of the Squid proxy.
Comment 2 Jarkko Suominen 2023-11-17 08:02:56 UTC

*** This bug has been marked as a duplicate of bug 916334 ***
Comment 3 Jarkko Suominen 2023-11-17 08:05:58 UTC
Marked as duplicate since there was already a collection of vulnerabilities related to net-proxy/squid. Added this one as a comment.
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-11-17 15:10:03 UTC
(In reply to Jarkko Suominen from comment #3)
> Marked as duplicate since there was already a collection of vulnerabilities
> related to net-proxy/squid. Added this one as a comment.

Moving the CVE alias then.