Bug 1312262 - (CVE-2016-2571, CVE-2016-2572) CVE-2016-2571 CVE-2016-2572 squid: wrong error handling for malformed HTTP responses
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
impact=moderate,public=20160224,repor...
: Security
Depends On: 1312267 1322770
Blocks: 1312266
Reported: 2016-02-26 04:22 EST by Andrej Nemec
Modified: 2017-09-08 07:53 EDT
Fixed In Version: squid 4.0.7, squid 3.5.15
Doc Type: Bug Fix
Doc Text:
It was found that squid did not properly handle errors when failing to parse an HTTP response, possibly leading to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response.
Last Closed: 2016-11-04 05:00:53 EDT


Description Andrej Nemec 2016-02-26 04:22:46 EST
Error handling for malformed HTTP responses can lead to a second
assertion with the same effects as the first issue. It is not easily
triggered in Squid-3 or normally in Squid-4.

However, fixing the String issue makes it become easily triggerable in
Squid-4, and we do have a history of the assertion itself being
reported as occurring already but have been unable to identify the vectors
code path to replicate it yet. So we believe it can be achieved
independent of the String issues, even if we are unable so far to
identify how.
Comment 1 Andrej Nemec 2016-02-26 04:25:43 EST
External references:

http://www.squid-cache.org/Advisories/SQUID-2016_2.txt

Upstream patches:

http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13990.patch
http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch

CVE assignment:

http://seclists.org/oss-sec/2016/q1/442

Also adding CVE-2016-2572, as assigned by Mitre for another part of this issue, fixed in this patch.
Comment 2 Andrej Nemec 2016-02-26 04:29:22 EST
Created squid tracking bugs for this issue:

Affects: fedora-all [bug 1312267]
Comment 6 errata-xmlrpc 2016-11-03 17:17:00 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:2600 https://rhn.redhat.com/errata/RHSA-2016-2600.html
Comment 8 Andrej Nemec 2017-09-08 07:53:02 EDT
Statement:

Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. 

For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
