__________________________________________________________________
Squid Proxy Cache Security Update Advisory SQUID-2008:1
__________________________________________________________________
Advisory ID: SQUID-2008:1
Date: June 22, 2008
Summary: Remote denial of service in SNMP parser
Affected versions: All 3.0 versions up to 3.0.STABLE7
Fixed in version: 3.0.STABLE7
__________________________________________________________________
/Advisories/SQUID-2004_3.txt
/Advisories/SQUID-2008_1.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0918
__________________________________________________________________
Problem Description:
Advisory 2004-3 was fixed in 2.5.STABLE7 and all later 2.x releases,
but was unfortunately not duplicated in the 3.x branch.
A bug exists in the ASN1 parser used in Squid's SNMP library. This
code fails to fully validate certain fields in SNMP queries. A
specially-crafted message may contain negative values, which Squid
passes to the malloc() function. This may lead to a segmentation
violation and cause Squid to restart.
------------------------------------------------------------------
Severity:
The bug is significant because it forces Squid to restart, thus
disrupting active transactions. The buggy code is executed even
before Squid makes any access control checks (i.e. snmp_access).
__________________________________________________________________
Updated Packages:
The Squid-3.0.STABLE7 release contains a fix for this
problem. You can download the Squid-3.0.STABLE7 release from
ftp://ftp.squid-cache.org/pub/archive/3.0/
/Versions/v3/3.0/
or the mirrors (may take a while before all mirrors are updated).
For a list of mirror sites see
/Download/ftp-mirrors.html
/Download/http-mirrors.html
An individual patch for this issue can be found in our
patch archive for version Squid-3.0.STABLE6:
/Versions/v3/3.0/changesets/b8826.patch
If necessary, this short patch should also apply to any version
of Squid 3.0 released before June 2008.
If you are using a prepackaged version of Squid then please
refer to the package vendor for availability information on
updated packages.
__________________________________________________________________
Determining if your version is vulnerable:
This bug is present by default in all 3.0 releases before
3.0.STABLE7 since SNMP support is present by default.
However, Squid is vulnerable only if it is listening for SNMP
queries on a UDP port. The default configuration in 3.0 is for
the SNMP port to be closed.
Squid is at risk unless built with configure option --disable-snmp.
You can check whether squid.conf contains the 'snmp_port' option with
a non-zero value.
Alternatively, check whether Squid's cache.log file contains the
following message:
Accepting SNMP messages on port 3401, FD nn.
__________________________________________________________________
Workarounds:
The best workaround is to close Squid's SNMP port, at least
temporarily. Close SNMP port by removing the snmp_port directive
or setting it to '0'.
Note that in 3.0 releases the default SNMP port setting is closed.
This differs from the original 2004-3 advisory.
If your SNMP agent runs on the same host as Squid, use the loopback
IP address and use a packet filter rule to block SNMP messages
from outside hosts. You can bind Squid's SNMP port to the loopback
address with this directive:
snmp_incoming_address 127.0.0.1
Restart or reconfigure Squid after editing squid.conf.
If your SNMP agent runs on a different host than Squid, configure
the firewall on your Squid box to only permit SNMP traffic between
your trusted agent and the Squid SNMP port.
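The checks and workarounds above can be combined into one script, given
here as an added example that is not part of the original advisory or
the Squid project's tooling. The function names, the result labels and
the rule that the last occurrence of a repeated directive wins are
assumptions of this example.

```shell
#!/bin/sh
# Added example: classify Squid's SNMP exposure from squid.conf and cache.log.

# Last value of directive $2 in config file $1, ignoring comments.
# Assumption: a repeated directive is overridden by its last occurrence.
conf_value() {
    awk -v key="$2" '{ sub(/#.*/, "") } $1 == key { val = $2 } END { print val }' "$1"
}

# snmp_exposure CONF [LOG] prints one of:
#   closed    snmp_port absent or 0, no listener line in the log
#   stale     config says closed, but the log shows a listener was opened
#             (Squid not yet restarted/reconfigured, or an old log entry)
#   loopback  port open, bound to 127.0.0.1 with snmp_incoming_address
#   exposed   port open on any other address
snmp_exposure() {
    conf=$1
    log=${2:-/dev/null}
    port=$(conf_value "$conf" snmp_port)
    addr=$(conf_value "$conf" snmp_incoming_address)
    if [ "${port:-0}" = 0 ]; then
        # Log line quoted in the advisory: "Accepting SNMP messages on port 3401, FD nn."
        if grep -q 'Accepting SNMP messages on port [1-9]' "$log"; then
            echo stale
        else
            echo closed
        fi
    elif [ "$addr" = 127.0.0.1 ]; then
        echo loopback
    else
        echo exposed
    fi
}

# Constructed sample input: writes $1/squid.conf with the given directive lines.
write_conf() {
    dir=$1; shift
    printf '%s\n' "# constructed sample squid.conf" "http_port 3128" "$@" > "$dir/squid.conf"
}

# Demo on constructed files in a temporary directory.
demo() {
    d=$(mktemp -d) || return 1
    write_conf "$d" "snmp_port 3401"
    echo "open port:        $(snmp_exposure "$d/squid.conf")"
    write_conf "$d" "snmp_port 3401" "snmp_incoming_address 127.0.0.1"
    echo "loopback binding: $(snmp_exposure "$d/squid.conf")"
    rm -rf "$d"
}
demo
```

The script reads only the files it is given: it does not see packet
filter rules or whether the binary was built with --disable-snmp.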
__________________________________________________________________
Contact details for the Squid project:
For installation / upgrade support: Your first point of contact
should be your binary package vendor.
If your install is built from the original Squid sources, then
the squid-users@squid-cache.org mailing list is your primary
support point. (see
for subscription details).
For bug reporting, particularly security related bugs, the
squid-bugs@squid-cache.org mailing list is the appropriate forum.
It's a closed list (though anyone can post) and security related
bug reports are treated in confidence until the impact has been
established. For non security related bugs, the Squid bugzilla
database should be used.
__________________________________________________________________
Credits:
The vulnerability was reported by iDEFENSE Labs (www.idefense.com).
Henrik Nordstrom developed the patch for snmplib/asn1.c
__________________________________________________________________
Revision history:
2004-10-05 00:00 GMT Disclosure of vulnerability by iDEFENSE
2004-10-25 02:10 GMT Initial release of 2004-3 document
2008-06-26 01:28 GMT Revision for Squid 3.0 regression
2008-11-07 00:28 GMT Appended fixed version to summary
2010-09-16 07:05 GMT Reference link updates
__________________________________________________________________
END