'Re: [oss-security] Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.
From:       Joshua Rogers <megamansec () gmail ! com>
Date:       2023-10-21 19:24:58
Message-ID: CA+17n5sr6yGrWws73FYSSrMyfQy+m-JjiGZ9KrEf9OyYunY1Vw () mail ! gmail ! com
[Download RAW message or body]


Hi all,

I've updated the page with the following IDs which may be used for tracking:

strlen(NULL) Crash Using Digest Authentication
        GHSA-254c-93q9-cp53

Assertion Due to 0 ESI 'when' Checking
        GHSA-4g88-277m-q89r

Assertion Using ESI's When Directive
        GHSA-4g88-277m-q89r

Stack Buffer Overflow in Digest Authentication
        GHSA-phqj-m8gv-cq4g

Buffer Underflow in ESI
        GHSA-wgvf-q977-9xjg

Cheers,
Josh

On Fri, Oct 13, 2023 at 8:23 PM Joshua Rogers <megamansec@gmail.com> wrote:

> Hi Amos, oss-security,
>
> I've added GHSA-543m-w2m2-g255 and CVE-2021-46784 for 'Cache Poisoning by
> Large Stored Response Headers (With Bonus XSS)' and 'Assertion in Gopher
> Response Handling' respectively: GHSA-543m-w2m2-g255 and CVE-2021-46784
>
> However, for "Gopher Assertion Crash", GHSA-f5cp-6rh3-284w does not apply.
> "Gopher Assertion Crash" concerns an assertion "assertion failed:
> store.cc:832: "store_status == STORE_PENDING"" while GHSA-f5cp-6rh3-284w
> concerns an assertion: "assertion failed: String.cc:172: "canGrowBy(len)""
>
> To the best of my knowledge the former (without a current GHSA or CVE) is
> unfixed.
>
> Cheers,
> Josh
>
> On Fri, Oct 13, 2023 at 3:54 AM Amos Jeffries <squid3@treenet.co.nz>
> wrote:
>
>> Some reference updates.
>>
>>
>> On 11/10/23 20:55, Joshua Rogers wrote:
>> >
>> > The issues are listed below. Due to the sheer size of issues discovered,
>> > technical details are not included in this email. However, breakdowns of
>> > the code and proof-of-concepts can be found on GitHub:
>> > https://megamansec.github.io/Squid-Security-Audit/
>> >
>>
>> > Cache Poisoning by Large Stored Response Headers (With Bonus XSS)
>>
>>   ... GHSA-543m-w2m2-g255
>>
>> > Gopher Assertion Crash
>>
>>   ... GHSA-f5cp-6rh3-284w
>>
>> > Assertion in Gopher Response Handling
>>
>>   ... CVE-2021-46784 / GHSA-f5cp-6rh3-284w
>>
>>
>>
>> AYJ
>>
>


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic