Bug 1312262 (CVE-2016-2571, CVE-2016-2572) - CVE-2016-2571 CVE-2016-2572 squid: wrong error handling for malformed HTTP responses
Summary: CVE-2016-2571 CVE-2016-2572 squid: wrong error handling for malformed HTTP re...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-2571, CVE-2016-2572
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1312267 1322770
Blocks: 1312266
Reported: 2016-02-26 09:22 UTC by Andrej Nemec
Modified: 2021-02-17 04:16 UTC

Fixed In Version: squid 4.0.7, squid 3.5.15
Doc Type: Bug Fix
Doc Text:
It was found that squid did not properly handle errors when failing to parse an HTTP response, possibly leading to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response.
Clone Of:
Environment:
Last Closed: 2016-11-04 09:00:53 UTC


Links
System: Red Hat Product Errata
ID: RHSA-2016:2600
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: Moderate: squid security, bug fix, and enhancement update
Last Updated: 2016-11-03 12:12:25 UTC

Description Andrej Nemec 2016-02-26 09:22:46 UTC
Error handling for malformed HTTP responses can lead to a second
assertion with the same effects as the first issue. It is not easily
triggered in Squid-3 or normally in Squid-4.

However fixing the String issue makes it become easily triggerable in
Squid-4, and we do have a history of the assertion itself being
reported as occurring already but have been unable to identify the vectors
code path to replicate it yet. So we believe it can be achieved
independent of the String issues, even if we are unable so far to
identify how.

Comment 1 Andrej Nemec 2016-02-26 09:25:43 UTC
External references:

http://www.squid-cache.org/Advisories/SQUID-2016_2.txt

Upstream patches:

http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13990.patch
http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch

CVE assignment:

http://seclists.org/oss-sec/2016/q1/442

Also adding CVE-2016-2572, as assigned by Mitre for another part of this issue, fixed in this patch.

Comment 2 Andrej Nemec 2016-02-26 09:29:22 UTC
Created squid tracking bugs for this issue:

Affects: fedora-all [bug 1312267]

Comment 6 errata-xmlrpc 2016-11-03 21:17:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:2600 https://rhn.redhat.com/errata/RHSA-2016-2600.html

Comment 8 Andrej Nemec 2017-09-08 11:53:02 UTC
Statement:

Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. 

For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

