ports/76827: [Maintainer/security] www/squid: fix buffer overflow in WCCP
Thomas-Martin Seck
tmseck at netcologne.de
Sat Jan 29 20:10:20 UTC 2005
>Number: 76827
>Category: ports
>Synopsis: [Maintainer/security] www/squid: fix buffer overflow in WCCP
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Sat Jan 29 20:10:19 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Thomas-Martin Seck
>Release: FreeBSD 4.11-STABLE i386
>Organization:
a private site in Germany
>Environment:
FreeBSD ports collection as of Jan 29, 2005.
>Description:
Integrate a vendor patch against a buffer overflow in the WCCP handling,
see <http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_buffer_overflow>
and <http://www.squid-cache.org/Advisories/SQUID-2005_3.txt>.
Security Team CC'ed, proposed VuXML data, entry date left to be filled in:
<vuln vid="23fb5a04-722b-11d9-9e1e-c296ac722cb3">
<topic>squid -- buffer overflow in WCCP recvfrom() call</topic>
<affects>
<package>
<name>squid</name>
<range><lt>2.5.7_10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>According to the Squid Proxy Cache Security Update Advisory SQUID-2005:3,</p>
<blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2005_3.txt">
<p>The WCCP recvfrom() call accepts more data than will fit in
the allocated buffer. An attacker may send a larger-than-normal
WCCP message to Squid and overflow this buffer.</p>
<p>Severity:</p>
<p>The bug is important because it allows remote attackers to crash
Squid, causing a disription in service. However, the bug is
exploitable only if you have configured Squid to send WCCP messages
to, and expect WCCP replies from, a router.</p>
<p>Sites that do not use WCCP are not vulnerable.</p>
</blockquote>
<p>Note that while the default configuration of the FreeBSD squid port
enables WCCP support in general, the default configuration
supplied does not actually configure squid to send and receive WCCP
messages.</p>
</body>
</description>
<references>
<url>http://www.squid-cache.org/Advisories/SQUID-2005_3.txt</url>
<url>http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_buffer_overflow</url>
<url>http://www.squid-cache.org/bugs/show_bug.cgi?id=1217</url>
</references>
<dates>
<discovery>2005-01-28</discovery>
<entry></entry>
</dates>
</vuln>
>How-To-Repeat:
>Fix:
Apply this patch:
Index: distinfo
===================================================================
--- distinfo (.../www/squid) (revision 371)
+++ distinfo (.../local/squid) (revision 371)
@@ -44,3 +44,5 @@
SIZE (squid2.5/squid-2.5.STABLE7-short_icons_urls.patch) = 704
MD5 (squid2.5/squid-2.5.STABLE7-response_splitting.patch) = ff3d8ae3e933817c91e745beba76b5fc
SIZE (squid2.5/squid-2.5.STABLE7-response_splitting.patch) = 9782
+MD5 (squid2.5/squid-2.5.STABLE7-wccp_buffer_overflow.patch) = 01b1a4a23f170723d7e2bc3846e12c73
+SIZE (squid2.5/squid-2.5.STABLE7-wccp_buffer_overflow.patch) = 505
Index: Makefile
===================================================================
--- Makefile (.../www/squid) (revision 371)
+++ Makefile (.../local/squid) (revision 371)
@@ -74,7 +74,7 @@
PORTNAME= squid
PORTVERSION= 2.5.7
-PORTREVISION= 9
+PORTREVISION= 10
CATEGORIES= www
MASTER_SITES= \
ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
@@ -108,7 +108,8 @@
squid-2.5.STABLE7-httpd_accel_no_pmtu_disc.patch \
squid-2.5.STABLE7-ftp_datachannel.patch \
squid-2.5.STABLE7-short_icons_urls.patch \
- squid-2.5.STABLE7-response_splitting.patch
+ squid-2.5.STABLE7-response_splitting.patch \
+ squid-2.5.STABLE7-wccp_buffer_overflow.patch
PATCH_DIST_STRIP= -p1
MAINTAINER= tmseck at netcologne.de
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list