

CVE-2023-49288: SQUID-2023:9 Denial of Service in HTTP Collapsed Forwarding

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of Squid are subject to a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with “collapsed_forwarding on” are vulnerable. Configurations with “collapsed_forwarding off” or without a “collapsed_forwarding” directive are not vulnerable. This bug is fixed by Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should remove all collapsed_forwarding lines from their squid.conf.


Problem Description:

Due to a Use-After-Free bug, Squid is vulnerable to a Denial of
Service attack against collapsed forwarding.

Severity:

This problem allows a remote client to perform a Denial of
Service attack on demand when Squid is configured with collapsed
forwarding enabled.

CVSS Score of 8.6

Updated Packages:

This bug is fixed by Squid version 6.0.1.

If you are using a prepackaged version of Squid then please refer
to the package vendor for availability information on updated
packages.

Determining if your version is vulnerable:

Run the following command to identify how (and whether)
your Squid has been configured with collapsed forwarding:

`squid -k parse 2>&1 | grep collapsed_forwarding`

All Squid-3.5 up to and including 5.9 configured with
“collapsed_forwarding on” are vulnerable.

All Squid-3.5 up to and including 5.9 configured with
“collapsed_forwarding off” are not vulnerable.

All Squid-3.5 up to and including 5.9 configured without any
“collapsed_forwarding” directive are not vulnerable.


Workaround:

Remove all collapsed_forwarding lines from your squid.conf.
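The check and the workaround above, written out as one POSIX shell script. This is an added example, not part of the Squid advisory or the Squid project's own tooling. It assumes that `squid -v` begins with a line of the form "Squid Cache: Version X.Y.Z" and that `squid -k parse` echoes each directive as "Processing: <directive>"; only the token "collapsed_forwarding on|off" in that output is actually relied upon. The version test implements the advisory's 3.5 to 5.9 range literally; distribution packages (see the Ubuntu notices below) backport the fix without moving to 6.x, so on a packaged Squid the configuration test is the part to trust and the version test is only a hint. The sample parse output and sample squid.conf are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the Squid advisory): SQUID-2023:9 check and
# workaround. Assumes `squid -v` starts with "Squid Cache: Version X.Y.Z"
# and `squid -k parse` prints "Processing: <directive>" lines.

# Succeed (0) when version $1 is within 3.5 .. 5.9 inclusive.
version_in_range() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    case "$major" in
        3) [ "$minor" -ge 5 ] ;;
        4) return 0 ;;
        5) [ "$minor" -le 9 ] ;;
        *) return 1 ;;
    esac
}

# Print "on", "off" or nothing for the last collapsed_forwarding directive
# in parse output $1 (for an on/off directive the last occurrence wins).
collapsed_forwarding_setting() {
    printf '%s\n' "$1" \
        | grep -oE 'collapsed_forwarding[[:space:]]+(on|off)' \
        | tail -n 1 | awk '{print $2}'
}

# Print "vulnerable" or "not-vulnerable"; $1 = version, $2 = parse output.
classify() {
    if version_in_range "$1" \
        && [ "$(collapsed_forwarding_setting "$2")" = "on" ]; then
        echo vulnerable
    else
        echo not-vulnerable
    fi
}

# Workaround: drop every active collapsed_forwarding line from config
# text $1 (commented-out lines are inert and left alone); print the rest.
strip_collapsed_forwarding() {
    printf '%s\n' "$1" \
        | grep -vE '^[[:space:]]*collapsed_forwarding([[:space:]]|$)'
}

# Apply the workaround to config file $1: filter into a temp file, have
# Squid parse that copy, and only then back up, swap in and reconfigure.
apply_workaround() {
    conf=$1
    tmp=$(mktemp) || return 1
    strip_collapsed_forwarding "$(cat "$conf")" > "$tmp"
    if squid -k parse -f "$tmp" >/dev/null 2>&1; then
        cp "$conf" "$conf.bak" && cat "$tmp" > "$conf" && squid -k reconfigure
        rc=$?
    else
        echo "filtered config did not parse; $conf left unchanged" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_PARSE='Processing Configuration File: /etc/squid/squid.conf (depth 0)
Processing: http_port 3128
Processing: collapsed_forwarding on
Processing: cache_mem 256 MB'
SAMPLE_CONF='http_port 3128
collapsed_forwarding on
cache_mem 256 MB'

# Live check when squid is on PATH (parse needs read access to squid.conf),
# otherwise classify the constructed sample as a 5.7 build.
if command -v squid >/dev/null 2>&1; then
    ver=$(squid -v | sed -n 's/^Squid Cache: Version \([0-9.]*\).*/\1/p')
    echo "squid $ver: $(classify "$ver" "$(squid -k parse 2>&1)")"
else
    echo "sample 5.7: $(classify 5.7 "$SAMPLE_PARSE")"
fi
```

`apply_workaround` is defined but not run automatically; invoke it as root, for example `apply_workaround /etc/squid/squid.conf`, after reviewing the output of the check. It validates the filtered copy with `squid -k parse -f` before touching the live file, keeps a `.bak` copy, and finishes with `squid -k reconfigure` so the running proxy picks up the change without a restart.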

Contact details for the Squid project:

For installation / upgrade support on binary packaged versions
of Squid: Your first point of contact should be your binary
package vendor.

If you install and build Squid from the original Squid sources
then the squid-users@lists.squid-cache.org mailing list is your
primary support point. For subscription details see

For reporting of non-security bugs in the latest STABLE release,
the Squid Bugzilla database should be used.

For reporting of security sensitive bugs send an email to the
squid-bugs@lists.squid-cache.org mailing list. It's a closed
list (though anyone can post) and security related bug reports
are treated in confidence until the impact has been established.


Credits:

This vulnerability was discovered by Joshua Rogers of Opera.

Fixed by The Measurement Factory.

Revision history:

2022-09-03 18:41:32 UTC Patches Released
2023-10-12 11:53:02 UTC Initial Report


Related news

Ubuntu Security Notice USN-6728-3

Ubuntu Security Notice 6728-3 - USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused Squid to crash in certain environments on Ubuntu 20.04 LTS and was disabled in USN-6728-2. The problematic fix for CVE-2023-5824 has now been corrected and reinstated in this update.

Ubuntu Security Notice USN-6728-2

Ubuntu Security Notice 6728-2 - USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused Squid to crash in certain environments on Ubuntu 20.04 LTS. The problematic fix has been reverted pending further investigation. Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Joshua Rogers discovered that Squid incorrectly handled certain structural elements. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled Cache Manager error responses. A remote trusted client can possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled the HTTP Chunked decoder. A remote attacker could possibly use this ...

Ubuntu Security Notice USN-6728-1

Ubuntu Security Notice 6728-1 - Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Joshua Rogers discovered that Squid incorrectly handled certain structural elements. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service.
