CVE-2016-3947
Published 2016-04-07
CVE-2016-3947: Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers…
Priority P349 · high · 8.2 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:L / A:H
EPSS: 14.35% (96.2th percentile)
Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | squid | < squid 4.1-1 (bookworm) | squid 4.1-1 (bookworm) |
| squid-cache | squid | <= 3.5.15 | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid | squid | >= 0 < 4.1-1 | 4.1-1 |
| squid | squid | >= 0 < 4.1-1 | 4.1-1 |
| squid | squid | >= 0 < 4.1-1 | 4.1-1 |
| squid | squid | >= 0 < 4.1-1 | 4.1-1 |
Detection & IOCs
- The vulnerability is in the 'pinger' utility's Icmp6::Recv function. Monitor for crashes or unexpected termination of the 'pinger' child process, which is setuid root, triggered by crafted ICMPv6 packets.
- Watch Squid log files for unexpected heap data, which may indicate exploitation of this vulnerability via crafted ICMPv6 packets writing sensitive information to the logs.
- The 'pinger' binary is setuid root, which raises the impact of exploitation (the Bugzilla report notes that it drops those privileges before this attack is possible). Verify whether the pinger binary is present and enabled.
- Only Squid deployments with the 'pinger' binary compiled in and enabled are vulnerable. Red Hat Enterprise Linux 5, 6, and 7 shipped Squid without ICMP pinging support and are not affected.
- Vulnerable versions are Squid before 3.5.16 and 4.x before 4.0.8; upgrade to at least 3.5.16 or 4.0.8 to remediate.
CVSS provenance
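| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.2 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 8.2 | HIGH | |
| vendor_debian | | 8.2 | HIGH | |
| vendor_redhat | | 8.2 | HIGH | |
| vendor_ubuntu | | 8.2 | HIGH | |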
Ubuntu
Squid vulnerabilities
vendor_ubuntu·2016-06-09·CVSS 8.2
CVE-2016-3947 [HIGH] Squid vulnerabilities
Title: Squid vulnerabilities
Summary: Several security issues were fixed in Squid.
Yuriy M. Kaminskiy discovered that the Squid pinger utility incorrectly
handled certain ICMPv6 packets. A remote attacker could use this issue to
cause Squid to crash, resulting in a denial of service, or possibly cause
Squid to leak information into log files. (CVE-2016-3947)
Yuriy M. Kaminskiy discovered that the Squid cachemgr.cgi tool incorrectly
handled certain crafted data. A remote attacker could use this issue to
cause Squid to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-4051)
It was discovered that Squid incorrectly handled certain Edge Side Includes
(ESI) responses. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a
Red Hat
squid: buffer overrun in Squid proxy pinger
vendor_redhat·2016-04-01·CVSS 8.2
CVE-2016-3947 [HIGH] CWE-122 squid: buffer overrun in Squid proxy pinger
Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.
Statement: This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 5, 6 and 7 as they did not include support for ICMP pinging and the 'pinger' binary.
Package: squid (Red Hat Enterprise Linux 5) - Not affected
Package: squid (Red Hat Enterprise Linux 6) - Not affected
Package: squid (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2016-3947: squid - Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the p...
vendor_debian·2016·CVSS 8.2
CVE-2016-3947 [HIGH] CVE-2016-3947: squid - Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the p...
Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.
Scope: local
bookworm: resolved (fixed in 4.1-1)
bullseye: resolved (fixed in 4.1-1)
forky: resolved (fixed in 4.1-1)
sid: resolved (fixed in 4.1-1)
trixie: resolved (fixed in 4.1-1)
GHSA
GHSA-59fp-mgp3-qph8: Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6
ghsa_unreviewed·2022-05-17
CVE-2016-3947 [HIGH] CWE-119 GHSA-59fp-mgp3-qph8: Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6
Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.
OSV
squid3 vulnerabilities
osv·2016-06-09·CVSS 8.2
CVE-2016-3947 [HIGH] squid3 vulnerabilities
Yuriy M. Kaminskiy discovered that the Squid pinger utility incorrectly
handled certain ICMPv6 packets. A remote attacker could use this issue to
cause Squid to crash, resulting in a denial of service, or possibly cause
Squid to leak information into log files. (CVE-2016-3947)
Yuriy M. Kaminskiy discovered that the Squid cachemgr.cgi tool incorrectly
handled certain crafted data. A remote attacker could use this issue to
cause Squid to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-4051)
It was discovered that Squid incorrectly handled certain Edge Side Includes
(ESI) responses. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-
OSV
CVE-2016-3947: Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6
osv·2016-04-07·CVSS 8.2
CVE-2016-3947 [HIGH] CVE-2016-3947: Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6
Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-3947 CVE-2016-3948 squid: 3.5.16 version [fedora-all]
bugzilla·2016-04-04·CVSS 8.2
CVE-2016-3947 [HIGH] CVE-2016-3947 CVE-2016-3948 squid: 3.5.16 version [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While o
Bugzilla
CVE-2016-3947 squid: buffer overrun in Squid proxy pinger
bugzilla·2016-04-04·CVSS 6.4
CVE-2016-3947 [MEDIUM] CVE-2016-3947 squid: buffer overrun in Squid proxy pinger
A buffer overrun (on write(2)) has been found in Squid proxy 'pinger'
process that allows an attacker to craft ICMPv6 messages that will
either crash the child process (if the OS protects against over-write)
or alter heap contents allowing the attacker to bypass CVE-2014-7142
protection and leak arbitrary heap data into the Squid log files. The
pinger is setuid root (though it does drop those privileges prior to
this attack being possible).
Upstream fix:
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch
External references:
http://www.squid-cache.org/Advisories/SQUID-2016_3.txt
References:
http://seclists.org/oss-sec/2016/q2/2
Discussion:
Created squid tracking bugs for this issue:
Affects: fedora
References
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html
http://www.securitytracker.com/id/1035457
http://www.squid-cache.org/Advisories/SQUID-2016_3.txt
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10495.patch
http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11839.patch
http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12694.patch
http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13232.patch
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch
http://www.ubuntu.com/usn/USN-2995-1
https://security.gentoo.org/glsa/201607-01
Published: 2016-04-07