Bug 1189403 - (CVE-2021-28116) VUL-0: CVE-2021-28116: squid,squid3: out-of-bounds read in WCCP protocol data may lead to information disclosure
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
: P3 - Medium : Normal
Assigned To: Adam Majer
Security Team bot
https://smash.suse.de/issue/277626/
CVSSv3.1:SUSE:CVE-2021-28116:5.3:(AV:...
Reported: 2021-08-12 14:41 UTC by Marcus Meissner
Modified: 2022-08-09 07:11 UTC
Found By: Security Response Team
Description Marcus Meissner 2021-08-12 14:41:14 UTC
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Squid Cache. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of the WCCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the "nobody" user.

https://www.zerodayinitiative.com/advisories/ZDI-21-157/
https://github.com/squid-cache/squid/security/advisories/GHSA-rgf3-9v3p-qp82
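
An added illustration of the bug class described in this report, not Squid's code and not the upstream fix: a bounds-checked walk over a WCCP-style datagram that rejects any sender-declared length exceeding the bytes actually received. The header and component layout is assumed from the public WCCPv2 draft; the function name and the sample datagrams are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed layout (public WCCPv2 draft): 8-byte message header
 * (type:32, version:16, length:16) followed by components, each with a
 * 4-byte header (type:16, length:16) and `length` bytes of body.
 * All fields are big-endian. */
enum { WCCP_HDR_LEN = 8, WCCP_ITEM_HDR_LEN = 4 };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Walk every component of one received datagram. Returns the component
 * count, or -1 if a declared length would read past the received bytes. */
int wccp_count_components(const uint8_t *buf, size_t received)
{
    if (buf == NULL || received < WCCP_HDR_LEN)
        return -1;                       /* truncated message header */
    size_t declared = be16(buf + 6);     /* payload length claimed by sender */
    if (declared > received - WCCP_HDR_LEN)
        return -1;                       /* claims more than was received */

    const uint8_t *p = buf + WCCP_HDR_LEN;
    size_t left = declared;              /* only the validated length is trusted */
    int count = 0;
    while (left > 0) {
        if (left < WCCP_ITEM_HDR_LEN)
            return -1;                   /* partial component header */
        size_t item_len = be16(p + 2);
        if (item_len > left - WCCP_ITEM_HDR_LEN)
            return -1;                   /* component overruns the message */
        p += WCCP_ITEM_HDR_LEN + item_len;
        left -= WCCP_ITEM_HDR_LEN + item_len;
        count++;
    }
    return count;
}

/* Constructed sample datagrams (not captured traffic). */
const uint8_t sample_ok[] = {            /* 12-byte payload, two components */
    0x00, 0x00, 0x00, 0x0a, 0x02, 0x00, 0x00, 0x0c,
    0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x01, 0x00, 0x00 };
const uint8_t sample_bad_item[] = {      /* second component claims 64 bytes */
    0x00, 0x00, 0x00, 0x0a, 0x02, 0x00, 0x00, 0x0c,
    0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x01, 0x00, 0x40 };
const uint8_t sample_bad_hdr[] = {       /* header claims 256 bytes, 4 present */
    0x00, 0x00, 0x00, 0x0a, 0x02, 0x00, 0x01, 0x00,
    0x00, 0x00, 0x00, 0x00 };
```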
Comment 1 Marcus Meissner 2021-08-12 14:44:37 UTC
I don't see any WCCP changes in the timeframe in squid git currently.

Likely unfixed upstream?
Comment 2 Adam Majer 2021-10-04 13:29:32 UTC
Advisory is now published and we have patched 4.x and 5.x versions.

https://github.com/squid-cache/squid/security/advisories/GHSA-rgf3-9v3p-qp82

Also seems that Bug #1182041 and Bug #1182042 are duplicates of this advisory.
Comment 3 Robert Frohl 2021-10-06 11:32:45 UTC
*** Bug 1182042 has been marked as a duplicate of this bug. ***
Comment 4 Robert Frohl 2021-10-06 11:32:58 UTC
*** Bug 1182041 has been marked as a duplicate of this bug. ***
Comment 6 OBSbugzilla Bot 2021-10-06 18:40:07 UTC
This is an autogenerated message for OBS integration:
This bug (1189403) was mentioned in
https://build.opensuse.org/request/show/923558 Factory / squid
Comment 8 Swamp Workflow Management 2021-10-11 19:20:51 UTC
SUSE-SU-2021:3334-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1189403
CVE References: CVE-2021-28116
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    squid-4.17-4.21.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2021-10-20 19:19:44 UTC
SUSE-SU-2021:3485-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1189403
CVE References: CVE-2021-28116
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    squid-4.17-5.29.1
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src):    squid-4.17-5.29.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2021-10-20 19:35:59 UTC
openSUSE-SU-2021:3485-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1189403
CVE References: CVE-2021-28116
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    squid-4.17-5.29.1
Comment 11 Swamp Workflow Management 2021-10-31 20:23:19 UTC
openSUSE-SU-2021:1419-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1189403
CVE References: CVE-2021-28116
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    squid-4.17-lp152.2.12.1