Bug 1148832 (CVE-2014-7142) - CVE-2014-7142 squid: pinger incorrect input validation flaw in handling of ICMP replies (SQUID-2014:4)
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2014-7142
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1139719
Reported: 2014-10-02 13:28 UTC by Vincent Danen
Modified: 2021-02-17 06:08 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-10-02 13:30:04 UTC



Description Vincent Danen 2014-10-02 13:28:51 UTC
Another flaw was reported in the Squid pinger program due to incorrect input validation.  This could be used to cause a Denial of Service or information leak when the pinger program processes ICMP or ICMPv6 packets.

While this problem exists in the source code of squid packages as shipped with Red Hat Enterprise Linux 6 and 7, as well as current Fedora releases, the program itself is not built.


Statement:

This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they do not provide the vulnerable program "pinger".


External References:

http://www.squid-cache.org/Advisories/SQUID-2014_4.txt

Comment 1 Tomas Hoger 2014-10-06 21:24:31 UTC
Upstream commit:

http://bazaar.launchpad.net/~squid/squid/trunk/revision/13583

The above commit fixes both CVE-2014-7141 and CVE-2014-7142.

The CVE-2014-7142 issue is an integer underflow when computing the size of the ICMP reply data.  This leads to an attempt to copy a large amount of data, which should trigger a pinger process crash.  Unlike CVE-2014-7141, this issue only existed in ICMP(v4) handling; the ICMPv6 handling previously had a similar check.
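
The class of bug described in Comment 1, as an added illustration that is not Squid's code or the upstream patch: an unsigned payload-size subtraction that wraps on a short ICMPv4 reply, next to a version that validates the lengths first. All function names, the sample packet and the buffer sizes are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP_MIN_HDR   20u  /* IPv4 header without options */
#define ICMP_HDR_LEN 8u   /* type, code, checksum, identifier, sequence */

/* Unchecked form: unsigned subtraction wraps when the packet is shorter
 * than the headers it is assumed to carry. */
size_t payload_len_unchecked(size_t pkt_len, size_t ip_hdr_len)
{
    return pkt_len - ip_hdr_len - ICMP_HDR_LEN;
}

/* Checked form: validate every length before subtracting, then bound the
 * copy by the destination size. Returns bytes copied, or -1 if malformed. */
long copy_reply_payload(const uint8_t *pkt, size_t pkt_len,
                        uint8_t *dst, size_t dst_cap)
{
    if (pkt == NULL || dst == NULL || pkt_len < IP_MIN_HDR)
        return -1;
    size_t ip_hdr_len = (size_t)(pkt[0] & 0x0f) * 4;  /* IHL in 32-bit words */
    if (ip_hdr_len < IP_MIN_HDR || pkt_len < ip_hdr_len + ICMP_HDR_LEN)
        return -1;
    size_t n = pkt_len - ip_hdr_len - ICMP_HDR_LEN;   /* cannot wrap now */
    if (n > dst_cap)
        return -1;
    memcpy(dst, pkt + ip_hdr_len + ICMP_HDR_LEN, n);
    return (long)n;
}

/* Constructed sample: 20-byte IPv4 header (IHL=5), 8-byte ICMP echo reply
 * header, 4 payload bytes. Only the fields the code reads are filled in. */
static const uint8_t sample_pkt[32] = {
    [0] = 0x45, [9] = 1, [28] = 'p', [29] = 'i', [30] = 'n', [31] = 'g'
};

int main(void)
{
    uint8_t buf[16];
    printf("unchecked, 24-byte packet: %zu\n", payload_len_unchecked(24, 20));
    printf("checked, 24-byte packet:   %ld\n",
           copy_reply_payload(sample_pkt, 24, buf, sizeof buf));
    printf("checked, 32-byte packet:   %ld\n",
           copy_reply_payload(sample_pkt, sizeof sample_pkt, buf, sizeof buf));
    return 0;
}
```
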

