Bugzilla – Bug 65421
VUL-0: CVE-2005-0241: more squid security issues
Last modified: 2021-10-27 15:54:04 UTC
====================================================== Candidate: CAN-2005-0211 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0211 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20050201 Category: SF Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_buffer_overflow Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_buffer_overflow.patch Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter.
<!-- SBZ_reproduce --> n/a
klaus, please check if we are affected.
there is also: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch Did we fix that already, or not?
No, didn't saw them before. Both are new to me. --> affected. Working on it.
On Wednesday 02 February 2005 12:44, Martin Schulze wrote: > ARGS. What does CAN-2005-0095 refer to then? If my notes are correct it is two different wccp issues: CAN-2005-0095: http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_denial_o f_service CAN-2005-0211: http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_buffer_o verflow
the 0095 one was fixed with the previous update I think.
swamp master id: 321
====================================================== Candidate: CAN-2005-0241 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0241 Reference: CONFIRM:http://www.squid-cache.org/bugs/show_bug.cgi?id=1216 Reference: +CONFIRM:http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-over +size_reply_headers Reference: +CONFIRM:http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-overs +ize_reply_headers.patch The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, with unknown impact.
(we have the patch in the current packages, just not the correct CAN ID)
I already submitted the packages. Don't know, why I still have the bug. The fixed packages are also back in /work/SRC, e.g. in /work/SRC/old-versions/9.2/all/squid/ Don't know what else to do --> reassinging it
you had the bug because you did not reassign it back to us ;) Thanks Klaus!
on squid bug webpage -> public
updated packages approved.
update seems to be flawed. Date: Sat, 12 Feb 2005 15:21:51 -0600 To: Thomas Biege <thomas@suse.de> From: Mark Condic <condic@comcast.net> Subject: Re: [suse-security-announce] SUSE Security Announcement: squid (SUSE-SA:2005:006) The latest SuSE 9.2 security update of squid has a generated thousands of entries in the logs /var/log/messages: squid[3455]: ctx: enter level 2254: '<lost>' ... squid[3455]: httpReadReply: Excess data from "GET http://www.amazon.com/ I don't see any information in the changelog. There is no new squid.conf.rpmnew. This is using up a lot of CPU time, as well as . Any ideas of what is causing this? How can I fix it? Any URL's you can point me to? In the discussion group, others have complained of the same problem, without any solutions. Thanks -------------------------------------------------------------------
> > SUSE Security Announcement > > Package: squid > Announcement-ID: SUSE-SA:2005:006 > Date: Thursday, Feb 10th 2005 13:30 MET > Affected products: 8.1, 8.2, 9.0, 9.1, 9.2 Hallo Thomas, ein kleines Problem nach der Installation der SuSE 9.0 i586.patch.rpm: (aktueller 2.4.21-273-default-Kernel) /var/log # tail messages Feb 11 10:24:07 portal2 squid[7203]: ctx: enter level 504: '<lost>' Feb 11 10:24:07 portal2 squid[7203]: ctx: enter level 505: '<lost>' Feb 11 10:24:07 portal2 squid[7203]: ctx: enter level 506: '<lost>' Feb 11 10:24:07 portal2 squid[7203]: ctx: enter level 507: '<lost>' Feb 11 10:24:07 portal2 squid[7203]: ctx: enter level 508: '<lost>' Feb 11 10:24:07 portal2 squid[7203]: ctx: enter level 509: '<lost>' Feb 11 10:24:07 portal2 squid[7203]: ctx: enter level 510: '<lost>' Feb 11 10:24:07 portal2 squid[7203]: ctx: enter level 511: '<lost>' Feb 11 10:24:07 portal2 squid[7203]: ctx: enter level 512: '<lost>' Feb 11 10:24:07 portal2 squid[7203]: # ctx: suspiciously deep (512) nesting Probleme bei der Kompilierung der rpm? Schönes Wochenende! Klaus Sarrach Administrator
critical problems at customer end
no idea at the moment. working on it.
Think, I found the problem. As the patch didn't applied from itself, I patched it manually and forgot to remove a small "ctx_enter(entry->mem_obj->url);"
Peter reported the problem first (and was former squid maintainer). Think he should get access...
Klaus -- I have installed the fixed packages you just built on one 92 and one 90 machine, and the problem appears gone.
Packages are submitted. Nevertheless it seems to be gone: testing-team please test them... -> reassign to security-team for further bug processing.
move to suselinux category.
new swampid: 391
SM-Tracker-392
:) already submitted a patchinfo with 392 .. i'll delete 391, ok?
For the patchinfo: the last security fix caused a memory leak. Can't explain, why it suddenly became slower, as someone mentioned. Maybe because of the many logfiles entries?
/work/src/done/PATCHINFO/squid.1nzeUs /work/src/done/PATCHINFO/squid.XyXR6t
comment #26: I'll not mention the memory leak. ;-) I would bed on the log-entry generation too.
updates released.
CVE-2005-0241: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)