Bugzilla – Full Text Bug Listing

| Summary: | VUL-0: CVE-2005-0175: squid: several security related bugs | | |
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Thomas Biege <thomas> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | | |
| Priority: | P3 - Medium | CC: | heiko.rommel, patch-request, security-team |
| Version: | unspecified | | |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | CVE-2005-0175: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) | | |
| Found By: | --- | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |

Description
Thomas Biege
2005-01-20 19:42:27 UTC
SM-Tracker-200

Hi Klaus, can you outline the current status please.

working on it... realized, that I want to check out, if we are affected by bugzilla#49288 either in other SuLi versions...

BTW: I'm trying to fix these security issues either (no CAN-# found)

http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces

but some of these aren't very short and many changes have been done between SLES8 squid and current. :(

Submitted new packages. Here is an overview of the patches (best viewed with fixed font :-)

| CAN | Patch | 8.1 | 8.2 | 9.0 | 9.1 | 9.2 |
|---|---|---|---|---|---|---|
| CAN-2005-0094 | gopher_html_parsing | o.k. | o.k. | o.k. | o.k. | o.k. |
| CAN-2005-0095 | wccp_denial_of_service | mod | o.k. | o.k. | o.k. | o.k. |
| CAN-2005-0097 | fakeauth_auth | n.a. | o.k. | o.k. | o.k. | o.k. |
| CAN-2005-0096 | fakeauth_auth | n.a. | o.k. | o.k. | o.k. | o.k. |
| | ldap_spaces | mod | mod | mod | mod | o.k. |
| | response_splitting | - | mod | mod | mod | o.k. |
| | header_parsing | - | - | - | - | - |

Note:

- `n.a.`: not affected = functionality missing in this version
- `o.k.`: upstream patch applied without any problems
- `mod`: upstream patch needed modifications to get applied
- `-`: major functionality missing, like the FD abstraction layer; cannot apply this patch

Note:

- 8.1 includes 8.1, SLES8, SLEC, UL, etc.
- 9.1 includes 9.1, SLES9, SLD, etc.

Security team:
can you please handle the next steps of the update, like the SWAMP/patchinfo file?

Testing team:
didn't test much, please take care.

Thanks Klaus.

`patchinfo-box.squid' -> `/work/src/done/PATCHINFO/patchinfo-box.squid'
`patchinfo.squid' -> `/work/src/done/PATCHINFO/patchinfo.squid'

> These issues were just reported to vendor-sec.

OK. I'm treating these as "not sufficiently public" so there isn't any information in the CANs themselves.

> Sanity check usernames in squid_ldap_auth
>
> http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces
>
> Synopsis:
> LDAP is very forgiving about spaces in search filters and this could
> be abused to log in using several variants of the login name, possibly
> bypassing explicit access controls or confusing accounting

Use CAN-2005-0173

> Reject malformed HTTP requests and responses that conflict with the
> HTTP specifications
>
> http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing
>
> This patch makes Squid considerably stricter while parsing the HTTP
> protocol.

If it just rejected malformed requests because they might be bad, I wouldn't normally assign a CAN. However, some cache poisoning in Squid can happen as a result of the Content-Length issue, so:

Use CAN-2005-0174

> Strengthen Squid from HTTP response splitting cache pollution attack
>
> http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting

Use CAN-2005-0175

packages approved

CVE-2005-0175: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
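
The username sanity check named in the quoted ldap_spaces synopsis, sketched as an added example; it is not code from this bug report or from the Squid patch. The function name `username_is_canonical`, the whitespace policy it enforces and the sample login names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>

/* Hypothetical helper: return 1 only if `user` has a single accepted
 * spelling, so a space-forgiving directory lookup and an exact-match
 * ACL or accounting log always see the same string.
 * Assumed policy: non-empty, no leading or trailing whitespace, no two
 * whitespace characters in a row, no whitespace other than ' '. */
int username_is_canonical(const char *user)
{
    const unsigned char *p = (const unsigned char *)user;

    if (p == NULL || *p == '\0')
        return 0;
    if (isspace(p[0]))
        return 0;                   /* leading whitespace */
    for (; p[0] != '\0'; p++) {
        if (!isspace(p[0]))
            continue;
        if (p[0] != ' ')
            return 0;               /* tab, CR, LF and similar */
        if (p[1] == '\0' || isspace(p[1]))
            return 0;               /* trailing or repeated whitespace */
    }
    return 1;
}

int main(void)
{
    /* Constructed sample input: spellings that differ only in
     * whitespace, plus one name with a single interior space. */
    static const char *const variants[] = {
        "jdoe", " jdoe", "jdoe ", "j doe", "j  doe", "jdoe\t"
    };
    size_t n = sizeof variants / sizeof variants[0];

    for (size_t i = 0; i < n; i++)
        printf("[%s] -> %s\n", variants[i],
               username_is_canonical(variants[i]) ? "accept" : "reject");
    return 0;
}
```

Running the check before the name reaches the search filter means a rejected login never produces a second spelling of an existing account in ACL decisions or access logs.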