CVE-2015-3455 – squid: incorrect X509 server certificate validation (SQUID-2015:1)
https://notcve.org/view.php?id=CVE-2015-3455
Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate. Squid 3.2.x en versiones anteriores a 3.2.14, 3.3.x en versiones anteriores a 3.3.14, 3.4.x en versiones anteriores a 3.4.13 y 3.5.x en versiones anteriores a 3.5.4, cuando el primer cliente está configurado mediante SSL-bump, no valida adecuadamente el dominio o campos de nombre de host de certificados X.509, lo que permite a atacantes man-in-the-middle suplantar servidores SSL a través de un certificado válido. It was found that Squid configured with client-first SSL-bump did not correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a Squid server using a specially crafted X.509 certificate. • http://advisories.mageia.org/MGASA-2015-0191.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00016.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html http://rhn.redhat.com/errata/RHSA-2015-2378.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:230 http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.oracle.com/technetwork/topics/security • CWE-20: Improper Input Validation CWE-297: Improper Validation of Certificate with Host Mismatch •
CVE-2015-0881
https://notcve.org/view.php?id=CVE-2015-0881
CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response. Una vulnerabilidad de inyección CRLF en Squid anterior a versión 3.1.1, permite a los atacantes remotos inyectar encabezados HTTP arbitrarios y conducir ataques de división de respuesta HTTP por medio de un encabezado diseñado en una respuesta. • http://jvn.jp/en/jp/JVN64455813/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000019 •
CVE-2014-7142
https://notcve.org/view.php?id=CVE-2014-7142
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size. El módulo pinger en Squid 3.x anterior a 3.4.8 permite a atacantes remotos obtener información sensible o causar una denegación de servicio (caída) a través de un tamaño de paquete (1) ICMP o (2) ICMP6 manipulado. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://seclists.org/oss-sec/2014/q3/539 http://seclists.org/oss-sec/2014/q3/613 http://seclists.org/oss-sec/2014/q3/626 http://secunia.com/advisories/60242 http://ubuntu.com/usn/usn-2422-1 http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.securityfocus.com/bid/70022 http://www. • CWE-20: Improper Input Validation •
CVE-2014-7141
https://notcve.org/view.php?id=CVE-2014-7141
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet. El módulo pinger en Squid 3.x anterior a 3.4.8 permite a atacantes remotos obtener información sensible o causar una denegación de servicio (lectura fuera de rango y caída) a través de un tipo manipulado en un paquete (1) ICMP o (2) ICMP6. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://seclists.org/oss-sec/2014/q3/539 http://seclists.org/oss-sec/2014/q3/612 http://seclists.org/oss-sec/2014/q3/626 http://secunia.com/advisories/60242 http://ubuntu.com/usn/usn-2422-1 http://www.securityfocus.com/bid/69688 http://www.squid-cache.org/Advisories/SQUID-2014_4.txt https://bugzilla.novell.com/ • CWE-19: Data Processing Errors •
CVE-2014-6270
https://notcve.org/view.php?id=CVE-2014-6270
Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow. Error de superación de límite (off-by-one) en la función snmpHandleUdp en snmp_core.cc en Squid 2.x y 3.x, cuando un puerto SNMP está configurado, permite a atacantes remotos causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de una solicitud UDP SNMP manipulada, lo que provoca un desbordamiento de buffer basado en memoria dinámica. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://seclists.org/oss-sec/2014/q3/542 http://seclists.org/oss-sec/2014/q3/550 http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.securityfocus.com/bid/69686 http://www.ubuntu.com/usn/USN-2921-1 https://bugzilla.novell.com/show_bug.cgi?id=895773 https://bugzilla.redhat.com/show_bug.cgi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •