CVE-2004-0918
published 2005-01-27CVE-2004-0918: The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service…
PriorityP422medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
16.03%
96.5th percentile
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.
Affected
29 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | squid | < squid 2.5.7 (bookworm) | squid 2.5.7 (bookworm) |
| openpkg | openpkg | — | — |
| openpkg | openpkg | — | — |
| openpkg | openpkg | — | — |
| redhat | fedora_core | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | >= 0 < 2.5.7 | 2.5.7 |
| squid | squid | >= 0 < 2.5.7 | 2.5.7 |
| squid | squid | >= 0 < 2.5.7 | 2.5.7 |
| squid | squid | >= 0 < 2.5.7 | 2.5.7 |
Detection & IOCsextracted from sources · hover to see the quote
- →Look for SNMP packets with negative length fields in ASN.1 headers directed at Squid proxy instances; these trigger a memory allocation error and server restart. ↗
- →The vulnerable function is asn_parse_header in asn1.c within Squid's SNMP module; monitor for unexpected Squid process restarts correlated with inbound SNMP traffic. ↗
- →Insufficient validation of ASN.1 headers in SNMP packets is the root cause; inspect SNMP traffic for malformed ASN.1 length fields (negative/oversized values). ↗
- →This flaw was fixed in Squid 2.x but was never added to the Squid 3.x branch until later; ensure Squid 3.x deployments are also patched. ↗
- ·Squid versions before 2.4.STABLE7 are vulnerable; upgrade to at least 2.4.STABLE7 (or 2.5.7 per Debian) to remediate. ↗
- ·The fix was missing from the Squid 3.x branch (specifically Fedora 9 shipped squid-3.0.STABLE7 without the patch); verify 3.x deployments are patched. ↗
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0MEDIUM
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-jx7g-w69f-vmq6: The asn_parse_header function (asn1
ghsa_unreviewed·2022-05-03
CVE-2004-0918 [MEDIUM] GHSA-jx7g-w69f-vmq6: The asn_parse_header function (asn1
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.
OSV
CVE-2004-0918: The asn_parse_header function (asn1
osv·2005-01-27·CVSS 5.0
CVE-2004-0918 [MEDIUM] CVE-2004-0918: The asn_parse_header function (asn1
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.
Ubuntu
squid vulnerabilities
vendor_ubuntu·2004-11-07
CVE-2004-0832 squid vulnerabilities
Title: squid vulnerabilities
Summary: squid vulnerabilities
Recently, two Denial of Service vulnerabilities have been discovered
in squid, a WWW proxy cache. Insufficient input validation in the NTLM
authentication handler allowed a remote attacker to crash the service
by sending a specially crafted NTLMSSP packet. Likewise, due to an
insufficient validation of ASN.1 headers, a remote attacker could
restart the server (causing all open connections to be dropped) by
sending certain SNMP packets with negative length fields.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
Squid SNMP DoS
vendor_redhat·2004-10-11·CVSS 5.0
CVE-2004-0918 [MEDIUM] Squid SNMP DoS
Squid SNMP DoS
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.
Debian
CVE-2004-0918: squid - The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Ca...
vendor_debian·2004·CVSS 5.0
CVE-2004-0918 [MEDIUM] CVE-2004-0918: squid - The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Ca...
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.
Scope: local
bookworm: resolved (fixed in 2.5.7)
bullseye: resolved (fixed in 2.5.7)
forky: resolved (fixed in 2.5.7)
sid: resolved (fixed in 2.5.7)
trixie: resolved (fixed in 2.5.7)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2004-0918 Squid SNMP DoS
bugzilla·2008-06-27·CVSS 5.0
CVE-2004-0918 [MEDIUM] CVE-2004-0918 Squid SNMP DoS
CVE-2004-0918 Squid SNMP DoS
Common Vulnerabilities and Exposures assigned an identifier CVE-2004-0918 to the following vulnerability:
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that causes a memory allocation error.
Refences:
http://www.idefense.com/application/poi/display?id=152&type=vulnerabilities&flashstatus=false
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923
http://fedoranews.org/updates/FEDORA--.shtml
http://www.gentoo.org/security/en/glsa/glsa-200410-15.xml
http://www.redhat.com/support/errata/RHSA-2004-591.html
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.tx
Bugzilla
Squid Multiple Vulnerabilities (CVE-2004-0541 CVE-2004-0832 CVE-2004-0918 CVE-2005-0094 CVE-2005-0095 CVE-2005-0096 CVE-2005-0097 CVE-2005-0446 CVE-2005-0626 CVE-2005-0718 CVE-1999-0710 CVE-2005-1345
bugzilla·2004-10-11·CVSS 7.5
CVE-2004-0541 [HIGH] Squid Multiple Vulnerabilities (CVE-2004-0541 CVE-2004-0832 CVE-2004-0918 CVE-2005-0094 CVE-2005-0095 CVE-2005-0096 CVE-2005-0097 CVE-2005-0446 CVE-2005-0626 CVE-2005-0718 CVE-1999-0710 CVE-2005-1345
Squid Multiple Vulnerabilities (CVE-2004-0541 CVE-2004-0832 CVE-2004-0918 CVE-2005-0094 CVE-2005-0095 CVE-2005-0096 CVE-2005-0097 CVE-2005-0446 CVE-2005-0626 CVE-2005-0718 CVE-1999-0710 CVE-2005-1345 CVE-2005-1519 CVE-2004-2479 CVE-2005-2794 CVE-2005-...
iDEFENSE reported on 2004-10-11 a vulnerability in the squid SNMP
module. This issue could lead to a potential DOS (it will restart
the server, dropping all open connections).
http://www.idefense.com/application/poi/display?id=152&type=vulnerabilities
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=135320
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=135319
------- Additional Comments From [email protected] 2004-10-11 19:30:05 ----
Patch available here:
http://www1.uk.squid-cache.org/squid/Versions/v2/2
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txthttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923http://fedoranews.org/updates/FEDORA--.shtmlhttp://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.htmlhttp://marc.info/?l=bugtraq&m=109913064629327&w=2http://secunia.com/advisories/30914http://secunia.com/advisories/30967http://www.gentoo.org/security/en/glsa/glsa-200410-15.xmlhttp://www.idefense.com/application/poi/display?id=152&type=vulnerabilities&flashstatus=falsehttp://www.redhat.com/support/errata/RHSA-2004-591.htmlhttp://www.securityfocus.com/bid/11385http://www.squid-cache.org/Advisories/SQUID-2004_3.txthttp://www.squid-cache.org/Advisories/SQUID-2008_1.txthttp://www.vupen.com/english/advisories/2008/1969/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/17688https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10931https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00122.htmlftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txthttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923http://fedoranews.org/updates/FEDORA--.shtmlhttp://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.htmlhttp://marc.info/?l=bugtraq&m=109913064629327&w=2http://secunia.com/advisories/30914http://secunia.com/advisories/30967http://www.gentoo.org/security/en/glsa/glsa-200410-15.xmlhttp://www.idefense.com/application/poi/display?id=152&type=vulnerabilities&flashstatus=falsehttp://www.redhat.com/support/errata/RHSA-2004-591.htmlhttp://www.securityfocus.com/bid/11385http://www.squid-cache.org/Advisories/SQUID-2004_3.txthttp://www.squid-cache.org/Advisories/SQUID-2008_1.txthttp://www.vupen.com/english/advisories/2008/1969/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/17688https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10931https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00122.html
2005-01-27
Published