Bug 170410 - CAN-2005-2794 -2917 squid multiple vulnerabilities
CAN-2005-2794 -2917 squid multiple vulnerabilities
Status: CLOSED DUPLICATE of bug 152809
Product: Fedora Legacy
Classification: Retired
Component: squid (Show other bugs)
rhl7.3
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-10-11 09:59 EDT by John Dalbec
Modified: 2007-04-18 13:32 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-11-17 19:36:52 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description John Dalbec 2005-10-11 09:59:31 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20050729 Netscape/8.0.3.3

Description of problem:
05.19.16 CVE: Not Available
Platform: Unix
Title: Squid Proxy Unspecified DNS Spoofing
Description: Squid Proxy is a freely available, open source web proxy
software package. Squid Proxy is affected by an unspecified DNS
spoofing vulnerability. Squid Proxy versions 2.5 and earlier are known
to be vulnerable.
Ref: http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query 

(2) MODERATE: Multiple Vendor HTTP Request Smuggling
Affected:
Configurations involving a number of popular web proxy/cache servers and
web application firewalls

Description: A new attack technique named "HTTP Request Smuggling" has
been reported to affect configurations that involve one or more web
entities (i.e. a web proxy server, a web cache server or a web
application firewall) between a user and a web server. The attack can
be carried out by crafting back-to-back HTTP requests that are
interpreted differently by the web entities. For example, if an HTTP
request is crafted with two distinct HTTP "Content-Length" headers, the
two web entities may process the same request by honoring either the
first or the last "Content-Length" header. The discoverers have shown
how an attacker can exploit such behaviors by crafting HTTP requests
that may result in web cache poisoning, bypassing the web firewall,
cross-site scripting (requiring no user interaction) or session
hijacking. The vulnerable example configurations listed in the
discoverers' posting include Sun ONE proxy server, Sun ONE webserver,
CheckPoint Firewall, Microsoft IIS server, Microsoft ISA server, Apache,
Jakarta Tomcat server, IBM WebSphere, BEA WebLogic, Oracle9iAS, Squid,
Delegate and Oracle WebCache.

Status: Squid and CheckPoint have distributed patches. The status
regarding other vendors is not currently known.

Council Site Actions: Two council sites are still evaluating if they are
vulnerable. One site has already patched their system.

References:
Watchfire Whitepaper
http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf  
SecurityFocus BID
http://www.securityfocus.com/bid/13873 

05.23.14 CVE: Not Available
Platform: Cross Platform
Title: Multiple Vendor Multiple HTTP Request Smuggling
Description: Multiple vendors are prone to a new class of attack named
"HTTP Request Smuggling". This class of attack basically revolves
around piggybacking a HTTP request inside of another HTTP request. By
leveraging failures to implement the HTTP/1.1 RFC properly, it is
demonstrated that this class of attack may result in cache poisoning,
cross-site scripting, session hijacking and other attacks. Reports
indicate that Microsoft IIS 5.0 is affected.
Ref: http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf 

05.37.15 CVE: CAN-2005-2794
Platform: Unix
Title: Squid Proxy Aborted Requests Remote Denial of Service
Description: Squid Proxy is a freely available, open source Web proxy
software package. A remote denial of service vulnerability affects the
Squid Proxy. This issue is due to a failure of the application to
properly handle exceptional network requests. A remote attacker may
leverage this issue to crash the affected Squid Proxy, denying service
to legitimate users.
Ref: http://www.securityfocus.com/bid/14761

05.40.12 CVE: CAN-2005-2917
Platform: Unix
Title: Squid Proxy Client NTLM Authentication Denial of Service
Description: Squid Proxy is a web proxy software package. It is
reported to be vulnerable to a denial of service issue. The issue
presents itself when proxy handles certain NTLM request sequences.
Squid Web Proxy Cache version 2.5 .STABLE9 is reported to be
vulnerable.
Ref: http://www.securityfocus.com/bid/14977

Version-Release number of selected component (if applicable):


How reproducible:
Didn't try


Additional info:
Comment 1 David Eisenstein 2005-10-28 04:49:32 EDT
Please see attachment #120495 [details] for a listing of all CVE's covered by Bug #152809
and new bugs that we can deal with in this bug report.  This attachment is
introduced in bug 152809 comment 12.
Comment 2 Marc Deslauriers 2005-11-15 00:17:35 EST
Wow...that's great work David. Thanks.
Comment 3 David Eisenstein 2005-11-17 04:20:06 EST
You're welcome.  

Where do we go from here?  Is bug 152809 released?
Comment 4 Marc Deslauriers 2005-11-17 19:36:52 EST
Let's track this in 152809.

*** This bug has been marked as a duplicate of 152809 ***

Note You need to log in before you can comment on or make changes to this bug.