===================================================================== CERT-Renater Note d'Information No. 2005/VULN157 _____________________________________________________________________ DATE : 08/03/2005 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running squid. ====================================================================== ______________________________________________________________________________ SCO Security Advisory Subject: UnixWare 7.1.4 : squid updated package fixes several security issues Advisory number: SCOSA-2005.16 Issue date: 2005 February 11 Cross reference: sr890343 fz529457 erg712610 sr892199 fz530514 erg712740 CAN-2004-0189 CAN-2004-0918 ______________________________________________________________________________ 1. Problem Description The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that causes a memory allocation error. The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0189 and CAN-2004-0918 to this issues. 2. Vulnerable Supported Versions System Binaries ---------------------------------------------------------------------- UnixWare 7.1.4 distribution 3. Solution The proper solution is to install the latest packages. 4. UnixWare 7.1.4 4.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16 or The fixes are also available in SCO UnixWare 7.1.4 Mantenance Pack 2 http://www.sco.com/support/update/download/release.php?rid=58 4.2 Verification MD5 (squid.pkg) = 6c33ff5d3b7bac965e2c816f0ae489eb or MD5 (uw714mp2.iso) = 335919be68f54253852cb8abca11814a md5 is available for download from ftp://ftp.sco.com/pub/security/tools 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: Download squid.pkg to the /var/spool/pkg directory # pkgadd -d /var/spool/pkg/squid.pkg or See ftp://ftp.sco.com/pub/unixware7/714/mp/mp2/uw714mp2.txt 5. References Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0189 http://www.squid-cache.org/Advisories/SQUID-2004_1.txt http://www.microsoft.com/security/incident/spoof.asp http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0918 SCO security resources: http://www.sco.com/support/security/index.html SCO security advisories via email http://www.sco.com/support/forums/security.html This security fix closes SCO incidents sr890343 fz529457 erg712610 sr892199 fz530514 erg712740. 6. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 7. Acknowledgments SCO would like to thank Mitch Adair reported %00 bug and Duane Wessels, for patching the %00 bug and adding the urllogin ACL type. ______________________________________________________________________________ ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================