CVE-2018-1000027
Published 2018-02-09
Priority P3 (44) · CVSS 3.0 7.5 HIGH
CVSS 3.0 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 13.15% (95.9th percentile)
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appears to be exploitable via a remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.
Affected
12 ranges (identical distribution rows collapsed below; the 3.x range is taken from the upstream advisory text quoted in the Bugzilla entry)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| squid-cache | squid | < 4.0.23 (4.x branch) | 4.0.23 |
| squid-cache | squid | < 3.5.27 (3.x branch) | 3.5.27 |
| debian | squid | < 4.1-1 (bookworm, bullseye, forky, sid, trixie) | 4.1-1 |
| debian | debian_linux | — (see DSA-4122 and the debian-lts-announce references) | — |
| canonical | ubuntu_linux | — (see USN-3557-1 and USN-4059-2) | — |
Detection & IOCs (extracted from sources)
- Trigger condition: a remote HTTP server answers certain types of HTTP request relayed by the Squid proxy with a response carrying an X-Forwarded-For header; Squid dereferences a NULL pointer while processing that header and the worker crashes, denying service to every client of the proxy.
- Vulnerable component: Squid HTTP Caching Proxy 4.x prior to 4.0.23 and 3.x prior to 3.5.27. Monitor for squid worker crashes (SIGSEGV) and the parent-driven restarts that follow them.
- Attack vector: a crafted client HTTP request combined with a specific trusted server response, so both a request of the right type and a cooperating or malicious origin response are needed. Correlate unexpected Squid crashes with upstream responses that carry X-Forwarded-For.
- Upstream vendor patches are available for both the 3.5 and 4.x branches (SQUID-2018_2); diff the running build against the patch to confirm the vulnerable code path is gone.
- Workaround: set `log_uses_indirect_client off` in the Squid configuration file, which disables the X-Forwarded-For processing path the crash sits in. The Bugzilla description also names intermediate CA certificate download as a trigger, which this directive does not obviously cover, so treat the setting as a stopgap until the package is patched.
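The crash-monitoring bullets above say what to watch for but not how to read it out of Squid's own logs. The following is an added example, not code from the Squid project or from any advisory on this page: it scans cache.log text for the parent process's "exited due to signal 11" notices (the wording Squid writes when a worker dies of SIGSEGV, which is what a NULL pointer dereference produces) and flags a restart storm when several fall inside a short window. The log lines are constructed samples modelled on that wording, and the ten-minute window and three-crash threshold are assumptions to tune locally. Correlating a crash with the upstream response that triggered it needs request-level data (access.log or a capture) that cache.log does not carry.

```python
"""Detect Squid worker crash storms in cache.log (added example for CVE-2018-1000027).

Not Squid project code. The log lines below are constructed samples modelled on
the wording Squid's parent process writes when a worker dies; the window and
threshold are assumptions to tune for your environment.
"""
import re
from datetime import datetime

# cache.log lines start with "YYYY/MM/DD HH:MM:SS" and, on SMP builds,
# an optional " kidN" tag before the "| " separator.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})(?: kid\d+)?\| (?P<msg>.*)$"
)
# Parent-process notice written when a worker exits on a signal.
EXIT_RE = re.compile(r"process (?P<pid>\d+) exited due to signal (?P<sig>\d+)")
SIGSEGV = 11  # a NULL pointer dereference ends in SIGSEGV on Linux

# Constructed sample: three SIGSEGV exits in four minutes, then a SIGTERM later.
SAMPLE_LOG = """\
2018/02/06 10:14:58 kid1| Starting Squid Cache version 3.5.26 for x86_64-pc-linux-gnu...
2018/02/06 10:15:02 kid1| FATAL: Received Segment Violation...dying.
2018/02/06 10:15:02| Squid Parent: (squid-1) process 2214 exited due to signal 11 with status 0
2018/02/06 10:15:05| Squid Parent: (squid-1) process 2231 started
2018/02/06 10:16:40 kid1| FATAL: Received Segment Violation...dying.
2018/02/06 10:16:40| Squid Parent: (squid-1) process 2231 exited due to signal 11 with status 0
2018/02/06 10:16:43| Squid Parent: (squid-1) process 2250 started
2018/02/06 10:18:12| Squid Parent: (squid-1) process 2250 exited due to signal 11 with status 0
2018/02/06 10:18:15| Squid Parent: (squid-1) process 2268 started
2018/02/06 11:29:58| Squid Parent: (squid-1) process 2268 exited due to signal 15 with status 0
"""


def parse_crash_events(lines, signal=SIGSEGV):
    """Return the timestamps of worker exits caused by `signal`, in file order.

    Only the parent's "exited due to signal" line is counted, so the worker's
    own "FATAL: Received Segment Violation" line for the same crash is not
    double-counted.
    """
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        exit_match = EXIT_RE.search(m.group("msg"))
        if exit_match and int(exit_match.group("sig")) == signal:
            events.append(datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"))
    return events


def crash_storm(events, window_seconds=600, threshold=3):
    """True if at least `threshold` crashes fall inside any `window_seconds` span."""
    events = sorted(events)
    start = 0
    for end, t in enumerate(events):
        # Slide the window's left edge forward until the span fits.
        while (t - events[start]).total_seconds() > window_seconds:
            start += 1
        if end - start + 1 >= threshold:
            return True
    return False


def analyze_cache_log(text, window_seconds=600, threshold=3):
    """Summarise SIGSEGV worker exits found in a cache.log excerpt."""
    events = parse_crash_events(text.splitlines())
    return {
        "segv_exits": len(events),
        "storm": crash_storm(events, window_seconds, threshold),
        "first": events[0].isoformat() if events else None,
        "last": events[-1].isoformat() if events else None,
    }


if __name__ == "__main__":
    print(analyze_cache_log(SAMPLE_LOG))
```

A storm verdict on a proxy running an affected release is the cue to pull access.log for the minutes around each exit and look for the request type and upstream host involved; the SIGTERM exit in the sample is deliberately ignored because an operator-driven stop is not a crash.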
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 7.5 | HIGH | — |
Ubuntu: Squid regression
vendor_ubuntu · 2022-12-12 · CVSS 7.5 · HIGH
Summary: USN-3557-1 introduced a regression in Squid.
USN-3557-1 fixed vulnerabilities in Squid. This update introduced a regression
which could cause the cache log to be filled with many Vary loop messages. This
update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Mathias Fischer discovered that Squid incorrectly handled certain long
strings in headers. A malicious remote server could possibly cause Squid to
crash, resulting in a denial of service. This issue was only addressed in
Ubuntu 16.04 LTS. (CVE-2016-2569)
William Lima discovered that Squid incorrectly handled XML parsing when
processing Edge Side Includes (ESI). A malicious remote server could
possibly cause Squid to crash, resulting in a denial of service. This is
Ubuntu: Squid vulnerabilities (entry tagged CVE-2018-1000024)
vendor_ubuntu · 2019-07-17 · CVSS 7.5 · HIGH
Summary: Several security issues were fixed in Squid.
USN-4059-1 and USN-3557-1 fixed several vulnerabilities in Squid. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Louis Dion-Marcil discovered that Squid incorrectly handled certain
Edge Side Includes (ESI) responses. A malicious remote server could
possibly cause Squid to crash, resulting in a denial of service.
(CVE-2018-1000024)
Louis Dion-Marcil discovered that Squid incorrectly handled certain
Edge Side Includes (ESI) responses. A malicious remote server could
possibly cause Squid to crash, resulting in a denial of service.
(CVE-2018-1000027)
It was discovered that Squid incorrectly handled the cachemgr.cgi web
module. A remote attacker could possibly
Ubuntu: Squid vulnerabilities (entry tagged CVE-2016-2569)
vendor_ubuntu · 2018-02-05 · CVSS 7.5 · HIGH
Summary: Several security issues were fixed in Squid.
Mathias Fischer discovered that Squid incorrectly handled certain long
strings in headers. A malicious remote server could possibly cause Squid to
crash, resulting in a denial of service. This issue was only addressed in
Ubuntu 16.04 LTS. (CVE-2016-2569)
William Lima discovered that Squid incorrectly handled XML parsing when
processing Edge Side Includes (ESI). A malicious remote server could
possibly cause Squid to crash, resulting in a denial of service. This issue
was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2570)
Alex Rousskov discovered that Squid incorrectly handled response-parsing
failures. A malicious remote server could possibly cause Squid to crash,
resulting in a denial of service. This
Red Hat: squid: Incorrect pointer handling in HTTP processing and certificate download can lead to denial of service
vendor_redhat · 2018-01-19 · CVSS 7.5 · HIGH · CWE-117 (Red Hat's classification; the GHSA entry below uses CWE-476, NULL Pointer Dereference, which matches the description)
(Description identical to the summary at the top of the page.)
Mitigation: A workaround for this issue is to set the "log_uses_indirect_client off" configuration directive in the squid configuration file (for example /etc/squid/squid.conf).
Package: squid (Red Hat Enterprise Linux 5) - Not affe
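The mitigation above and the version ranges quoted elsewhere on this page are the two facts a triage pass needs. The following is an added example, not code from the Squid project or from Red Hat's advisory: it parses the first line of `squid -v` to place the build in the 3.x or 4.x range (fixed in 3.5.27 and 4.0.23 respectively, per the upstream advisory text quoted in the Bugzilla entry) and checks whether the squid.conf text actually contains an uncommented `log_uses_indirect_client off`. The `squid -v` banner and the two squid.conf excerpts are constructed samples; that the directive defaults to on is an assumption drawn from the documented default.

```python
"""Triage a Squid host for CVE-2018-1000027 (added example; not Squid or Red Hat code).

Affected ranges are the ones this page's sources give: 3.x before 3.5.27 and
4.x before 4.0.23. The `squid -v` banner and squid.conf excerpts are constructed
samples; replace them with real output from the host under review.
"""
import re

# First fixed release per branch, from the upstream advisory text quoted on this page.
FIXED_IN = {3: (3, 5, 27), 4: (4, 0, 23)}

VERSION_RE = re.compile(r"^Squid Cache: Version (\d+)\.(\d+)\.(\d+)", re.M)
# Uncommented directive lines only; a leading '#' stops the match.
DIRECTIVE_RE = re.compile(r"^\s*log_uses_indirect_client\s+(on|off)\b", re.M | re.I)

# Constructed sample of `squid -v` output from an affected 3.x build.
SAMPLE_SQUID_V = """\
Squid Cache: Version 3.5.26
Service Name: squid
configure options:  '--prefix=/usr' '--sysconfdir=/etc/squid'
"""

# Constructed squid.conf: the directive is present only as a comment, so the
# (assumed) default of "on" applies and the vulnerable path stays enabled.
SAMPLE_CONF_DEFAULT = """\
http_port 3128
acl localnet src 10.0.0.0/8
http_access allow localnet
# log_uses_indirect_client off
"""

# Same file with the Red Hat workaround actually applied.
SAMPLE_CONF_WORKAROUND = SAMPLE_CONF_DEFAULT + "log_uses_indirect_client off\n"


def parse_version(squid_v_output):
    """Extract (major, minor, patch) from the 'Squid Cache: Version' line of `squid -v`."""
    m = VERSION_RE.search(squid_v_output)
    if not m:
        raise ValueError("no 'Squid Cache: Version x.y.z' line found")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version):
    """True/False for 3.x and later; None for 2.x and older, which the sources do not cover."""
    major = version[0]
    if major in FIXED_IN:
        return version < FIXED_IN[major]
    if major > 4:
        return False  # 5.x and later postdate the fix
    return None


def workaround_applied(conf_text):
    """True only if the last uncommented log_uses_indirect_client line says off.

    An absent or commented-out line leaves the directive at its default, which
    this example assumes to be on, i.e. the vulnerable path enabled.
    """
    matches = DIRECTIVE_RE.findall(conf_text)
    return bool(matches) and matches[-1].lower() == "off"


def triage(squid_v_output, conf_text):
    """Combine version placement and config check into one verdict."""
    version = parse_version(squid_v_output)
    vulnerable = is_vulnerable(version)
    applied = workaround_applied(conf_text)
    return {
        "version": ".".join(map(str, version)),
        "vulnerable": vulnerable,
        "workaround_applied": applied,
        # Exposed: in an affected range and the documented workaround is absent.
        # False here is a stopgap verdict, not a substitute for the fixed release.
        "exposed": bool(vulnerable) and not applied,
    }


if __name__ == "__main__":
    for conf in (SAMPLE_CONF_DEFAULT, SAMPLE_CONF_WORKAROUND):
        print(triage(SAMPLE_SQUID_V, conf))
```

Feed it the output of `squid -v` and the contents of the squid.conf the running instance loads. An `exposed` of False with the workaround in place still calls for the package update, because the Bugzilla description on this page also names intermediate CA certificate download as a trigger and the directive speaks only to the X-Forwarded-For logging path.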
Debian: CVE-2018-1000027: squid
vendor_debian · 2018 · CVSS 7.5 · HIGH
(Description identical to the summary at the top of the page.)
Scope: local
bookworm: resolved (fixed in 4.1-1)
bullseye: resolved (fixed in 4.1-1)
forky: resolved (fixed in 4.1-1)
sid: resolved (fixed in 4.1-1)
trixie: resolved (fixed in 4.1-1)
OSV: squid3 regression
osv · 2022-12-12 · CVSS 7.5 · HIGH
USN-3557-1 fixed vulnerabilities in Squid. This update introduced a regression
which could cause the cache log to be filled with many Vary loop messages. This
update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Mathias Fischer discovered that Squid incorrectly handled certain long
strings in headers. A malicious remote server could possibly cause Squid to
crash, resulting in a denial of service. This issue was only addressed in
Ubuntu 16.04 LTS. (CVE-2016-2569)
William Lima discovered that Squid incorrectly handled XML parsing when
processing Edge Side Includes (ESI). A malicious remote server could
possibly cause Squid to crash, resulting in a denial of service. This issue
was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2570)
GHSA: GHSA-hwhj-rr4w-2xmm
ghsa_unreviewed · 2022-05-14 · HIGH · CWE-476
(Description identical to the summary at the top of the page.)
OSV: CVE-2018-1000027
osv · 2018-02-09 · CVSS 7.5 · HIGH
(Description identical to the summary at the top of the page.)
OSV: squid3 vulnerabilities (entry tagged CVE-2016-2569)
osv · 2018-02-05 · CVSS 7.5 · HIGH
Mathias Fischer discovered that Squid incorrectly handled certain long
strings in headers. A malicious remote server could possibly cause Squid to
crash, resulting in a denial of service. This issue was only addressed in
Ubuntu 16.04 LTS. (CVE-2016-2569)
William Lima discovered that Squid incorrectly handled XML parsing when
processing Edge Side Includes (ESI). A malicious remote server could
possibly cause Squid to crash, resulting in a denial of service. This issue
was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2570)
Alex Rousskov discovered that Squid incorrectly handled response-parsing
failures. A malicious remote server could possibly cause Squid to crash,
resulting in a denial of service. This issue only applied to Ubuntu 16.04
LTS. (CVE-2016-2571)
Sant
No detection rules found.
No public exploits indexed.
Bugzilla: CVE-2018-1000024 CVE-2018-1000027 squid: various flaws [fedora-all]
bugzilla · 2018-01-22 · CVSS 7.5 · HIGH
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora
Bugzilla: CVE-2018-1000027 squid: Incorrect pointer handling in HTTP processing and certificate download can lead to denial of service
bugzilla · 2018-01-22 · CVSS 7.5 · HIGH
Due to incorrect pointer handling, Squid versions 3.x (prior to 3.5.27) and 4.x (prior to 4.0.23) are vulnerable to a denial of service attack when processing HTTP messages or downloading intermediate CA certificates. This problem allows a remote client delivering certain HTTP requests in conjunction with certain trusted server responses to trigger a denial of service for all clients accessing the Squid service.
Upstream Advisory:
http://www.squid-cache.org/Advisories/SQUID-2018_2.txt
Upstream Patches:
http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch
References
- http://www.squid-cache.org/Advisories/SQUID-2018_2.txt
- http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch
- http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch
- https://github.com/squid-cache/squid/pull/129/files
- https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html
- https://lists.debian.org/debian-lts-announce/2018/02/msg00002.html
- https://usn.ubuntu.com/3557-1/
- https://usn.ubuntu.com/4059-2/
- https://www.debian.org/security/2018/dsa-4122
Published: 2018-02-09