[v2.5] squid: SNMP and ICMP related issues (CVE-2014-6270, CVE-2014-7141, CVE-2014-7142)
CVE-2014-6270:
Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid
2.x and 3.x before 3.4.8, when an SNMP port is configured, allows remote
attackers to cause a denial of service (crash) or possibly execute
arbitrary code via a crafted UDP SNMP request, which triggers a
heap-based buffer overflow.
Patch:
http://bugzillafiles.novell.org/attachment.cgi?id=605545
References:
http://www.squid-cache.org/Versions/v3/3.4/ChangeLog.txt (Changes to
squid-3.4.8 (15 Sep 2014))
https://bugzilla.novell.com/show_bug.cgi?id=895773
https://bugzilla.redhat.com/show_bug.cgi?id=1139967
http://seclists.org/oss-sec/2014/q3/542
CVE-2014-7141, CVE-2014-7142:
Sebastian Krahmer made a fix for squid 3.4.6 for this issue:
The pinger code that checks whether nodes are alive doesn’t properly validate ICMP and ICMPv6 replies, in particular ICMPv6 types, which are used to index into a string array. This could cause crashes when the index is out of bounds (OOB).
A patch is available here:
https://bugzilla.novell.com/show_bug.cgi?id=891268
The issue was fixed in squid-3.4.8 (not yet officially released at the moment).
References:
http://www.squid-cache.org/Versions/v3/3.4/ChangeLog.txt (Changes to
squid-3.4.8 (15 Sep 2014))
http://seclists.org/oss-sec/2014/q3/626
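The unchecked-index pattern described for the pinger, shown beside a bounds-checked lookup. This is an added example, not Squid's code or the referenced patch. The table, the function names and the sample packets are hypothetical; the type numbers follow RFC 4443.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical name table: only the ICMPv6 error types 1-4 (RFC 4443). */
static const char *const icmp6_names[] = {
    "Reserved", "Destination Unreachable", "Packet Too Big",
    "Time Exceeded", "Parameter Problem",
};
#define ICMP6_NAME_COUNT (sizeof(icmp6_names) / sizeof(icmp6_names[0]))
#define ICMP6_HDR_LEN 4u /* type, code, 16-bit checksum */

/* Constructed sample replies (not captured traffic). */
static const uint8_t sample_echo_reply[] = {129, 0, 0, 0, 0x12, 0x34, 0, 1};
static const uint8_t sample_time_exceeded[] = {3, 0, 0, 0, 0, 0, 0, 0};
static const uint8_t sample_bogus_type[] = {200, 0, 0, 0};
static const uint8_t sample_truncated[] = {129, 0};

/* The bug class: a type byte taken from the network indexes the table
 * directly, so any type >= ICMP6_NAME_COUNT reads past the array. */
const char *icmp6_name_unchecked(const uint8_t *pkt)
{
    return icmp6_names[pkt[0]];
}

/* Checked form: validate the length before reading the header and the
 * type before using it as an index. */
const char *icmp6_name_checked(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < ICMP6_HDR_LEN)
        return NULL;                    /* truncated reply: reject */
    uint8_t type = pkt[0];
    if (type == 128) return "Echo Request";
    if (type == 129) return "Echo Reply";
    if (type >= ICMP6_NAME_COUNT)
        return "Unknown";               /* no table entry: never index */
    return icmp6_names[type];
}

int main(void)
{
    const char *n = icmp6_name_checked(sample_truncated, sizeof sample_truncated);
    printf("%s\n", icmp6_name_checked(sample_echo_reply, sizeof sample_echo_reply));
    printf("%s\n", icmp6_name_checked(sample_time_exceeded, sizeof sample_time_exceeded));
    printf("%s\n", icmp6_name_checked(sample_bogus_type, sizeof sample_bogus_type));
    printf("%s\n", n ? n : "(rejected: too short)");
    return 0;
}
```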
(from redmine: issue id 3388, created on 2014-09-25, closed on 2014-10-01)
- Relations:
- parent #3387 (closed)
- Changesets:
- Revision 9776eb2b by Natanael Copa on 2014-10-01T11:10:24Z:
main/sqiod: fix CVE-2014-6270, CVE-2014-7141 and CVE-2014-7142
fixes #3388