Squid Web Proxy Cache ftpBuildTitleUrl() function buffer overflow

squid-ftpbuildtitleurl-bo (8258)

High Risk

Description:

Squid is vulnerable to a denial of service attack caused by a buffer overflow in the ftpBuildTitleUrl() function. By sending an FTP request containing a specially-crafted username and password, a remote attacker could overflow a buffer and cause the proxy service to crash. It also may be possible for an attacker to use this vulnerability to gain root privileges on the server.

Platforms Affected:

• FreeBSD, FreeBSD Ports Collection
• MandrakeSoft, Mandrake Linux 7.1
• MandrakeSoft, Mandrake Linux 7.2
• MandrakeSoft, Mandrake Linux 8.0
• MandrakeSoft, Mandrake Linux 8.1
• MandrakeSoft, Mandrake Linux Corporate Server 1.0.1
• MandrakeSoft, Mandrake Single Network Firewall 7.2
• RedHat, Linux 6.2
• RedHat, Linux 7
• RedHat, Linux 7.1
• RedHat, Linux 7.2
• RedHat, Linux 7.3
• SCO, Caldera OpenLinux Server 3.1
• SCO, Caldera OpenLinux Server 3.1.1
• SCO, Caldera OpenLinux Workstation 3.1
• SCO, Caldera OpenLinux Workstation 3.1.1
• Squid-Cache, Squid 2.0
• Squid-Cache, Squid 2.1
• Squid-Cache, Squid 2.2
• Squid-Cache, Squid 2.3
• Squid-Cache, Squid 2.3.1
• Squid-Cache, Squid 2.3.STABLE4-11
• Squid-Cache, Squid 2.3.STABLE5
• Squid-Cache, Squid 2.4
• Squid-Cache, Squid 2.4.STABLE1
• Squid-Cache, Squid 2.4.STABLE2
• Squid-Cache, Squid 2.4.STABLE2-2
• Squid-Cache, Squid 2.4.STABLE3
• SuSE, SuSE Linux 6.4
• SuSE, SuSE Linux 7.0
• SuSE, SuSE Linux 7.1
• SuSE, SuSE Linux 7.2
• SuSE, SuSE Linux 7.3
• SuSE, SuSE Linux Enterprise Server 7.0
• Trustix, Secure Linux 1.01
• Trustix, Secure Linux 1.1
• Trustix, Secure Linux 1.2
• Trustix, Secure Linux 1.5

Remedy:

Upgrade to the latest version of Squid (2.4.STABLE4 or later), as listed in the Squid Proxy Cache Security Update Advisory SQUID-2002:1. See References.

For FreeBSD ports collection prior to 2002-02-19:
Upgrade to the latest ports package dated after 2002-02-19 or upgrade to the latest version of Squid (2.4_8 or later), as listed in FreeBSD, Inc. Security Advisory FreeBSD-SA-02:12. See References.

For Trustix Secure Linux 1.01, 1.1, 1.2, and 1.5:
Upgrade to the latest version of Squid (2.4.STABLE4-1tr or later), as listed in Trustix Secure Linux Bugfix Advisory #2002-0031. See References.

For Mandrake Linux 7.1, 7.2, 8.0, Corporate Server 1.0.1, and Single Network Firewall 7.2:
Upgrade to the latest version of Squid (2.4.STABLE4-1.5mdk or later), as listed in MandrakeSoft Security Advisory MDKSA-2002:016-1 : squid. See References.

For Red Hat Linux 6.2:
Upgrade to the latest version of Squid (2.4.STABLE3-1.6.2 or later), as listed in Red Hat Linux Errata Advisory RHSA-2002:029-09. See References.

For Red Hat Linux 7.0:
Upgrade to the latest version of Squid (2.4.STABLE3-1.7.0 or later), as listed in Red Hat Linux Errata Advisory RHSA-2002:029-09. See References.

For Red Hat Linux 7.1:
Upgrade to the latest version of Squid (2.4.STABLE3-1.7.1 or later), as listed in Red Hat Linux Errata Advisory RHSA-2002:029-09. See References.

For Red Hat Linux 7.2:
Upgrade to the latest version of Squid (2.4.STABLE3-1.7.2 or later), as listed in Red Hat Linux Errata Advisory RHSA-2002:029-09. See References.

For Caldera OpenServer 5.0.6a and earlier:
Upgrade to the latest version of Squid (squid-2.4.STABLE4-VOLS or later), as listed in Caldera International, Inc. Security Advisory CSSA-2002-SCO.7. See References.

For Caldera OpenLinux Server and Workstation 3.1.1:
Upgrade to the latest version of Squid (2.4.STABLE2-3 or later), as listed in Caldera International, Inc. Security Advisory CSSA-2002-010.0. See References.

For SuSE Linux 7.3 and 7.2 (Intel):
Uprade to the latest Squid packages (2.3.STABLE4-155 or later), as listed in SuSE Security Announcement SuSE-SA:2002:008. See References.

For SuSE Linux 7.1 and 7.0 (Intel):
Uprade to the latest Squid packages (2.2.STABLE5-218 or later), as listed in SuSE Security Announcement SuSE-SA:2002:008. See References.

For SuSE Linux 6.4 (Intel):
Uprade to the latest Squid packages (2.2.STABLE5-219 or later), as listed in SuSE Security Announcement SuSE-SA:2002:008. See References.

For SuSE Linux 7.3 (Sparc):
Uprade to the latest Squid packages (2.3.STABLE4-53 or later), as listed in SuSE Security Announcement SuSE-SA:2002:008. See References.

For SuSE Linux 7.1 (Sparc):
Uprade to the latest Squid packages (2.2.STABLE5-208 or later), as listed in SuSE Security Announcement SuSE-SA:2002:008. See References.

For SuSE Linux 7.0 (Sparc):
Uprade to the latest Squid packages (2.2.STABLE5-207 or later), as listed in SuSE Security Announcement SuSE-SA:2002:008. See References.

For SuSE Linux 7.3 (PPC Power PC ):
Uprade to the latest Squid packages (2.3.STABLE4-71 or later), as listed in SuSE Security Announcement SuSE-SA:2002:008. See References.

For SuSE Linux 7.1, 7.0, and 6.4 (PPC Power PC ):
Uprade to the latest Squid packages (2.2.STABLE5-200 or later), as listed in SuSE Security Announcement SuSE-SA:2002:008. See References.

For SuSE Linux 7.1 (AXP Alpha ):
Uprade to the latest Squid packages (2.2.STABLE5-225 or later), as listed in SuSE Security Announcement SuSE-SA:2002:008. See References.

For SuSE Linux 7.0 (AXP Alpha ):
Uprade to the latest Squid packages (2.2.STABLE5-226 or later), as listed in SuSE Security Announcement SuSE-SA:2002:008. See References.

For SuSE Linux 6.4 (AXP Alpha ):
Uprade to the latest Squid packages (2.2.STABLE5-227 or later), as listed in SuSE Security Announcement SuSE-SA:2002:008. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Gain Access

References:

• BugTraq Mailing List, Fri Feb 22 2002 - 08:26:26 CST, Squid buffer overflow at http://archives.neohapsis.com/archives/bugtraq/2002-02/0251.html.
• Caldera International, Inc. Security Advisory CSSA-2002-010.0, Linux: ftp vulnerability in squid at ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2002-010.0.txt.
• Caldera International, Inc. Security Advisory CSSA-2002-SCO.7, OpenServer: multiple vulnerabilities in squid at ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.7/CSSA-2002-SCO.7.txt.
• FreeBSD Security Advisory FreeBSD-SA-02:12, multiple security vulnerabilities in squid port at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc.
• Squid Proxy Cache Security Update Advisory SQUID-2002:1, Squid HTTP Proxy Security Update Advisory 2002:1 at http://www.squid-cache.org/Advisories/SQUID-2002_1.txt.
• Squid Web Proxy Cache Web site, Squid Web Proxy Cache at http://www.squid-cache.org.
• Trustix Secure Linux Bugfix Advisory #2002-0031, squid-cron at http://www.trustix.net/errata/2002/0031/.
• BID-4148: Squid Cache FTP Proxy URL Buffer Overflow Vulnerability
• CVE-2002-0068: Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.
• MDKSA-2002:016: Updated squid packages fix several insecurities
• MDKSA-2002:016-1: Updated squid packages fix dependency on openldap
• OSVDB ID: 5378: Squid FTP URL Special Character Overflow
• RHSA-2002-029: New squid packages available
• US-CERT VU#613459: Squid Proxy Server contains buffer overflow in parsing of the authentication portion of FTP URLs

Reported:

Feb 21, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page