Security Research: Vulnerabilities

Squid Cache SNMP Denial of Service Vulnerability

Published: 2002-02-21
Updated: 2002-02-25

Affected systems:
National Science Foundation Squid Web Proxy 2.4STABLE3
National Science Foundation Squid Web Proxy 2.4STABLE2
National Science Foundation Squid Web Proxy 2.4STABLE1
National Science Foundation Squid Web Proxy 2.4
National Science Foundation Squid Web Proxy 2.3
National Science Foundation Squid Web Proxy 2.2
National Science Foundation Squid Web Proxy 2.1
National Science Foundation Squid Web Proxy 2.0
Unaffected systems:
National Science Foundation Squid Web Proxy 2.4STABLE4
Description:
BUGTRAQ ID: 4146
CVE (CAN) ID: CVE-2002-0069

Squid is a web proxy and caching server that runs on Linux/Unix systems.

Squid's SNMP implementation contains a memory leak, which a remote attacker could use to mount a denial-of-service attack against the server process.

By repeatedly sending malformed SNMP messages to the server, a remote attacker could make the Squid process consume all available system resources; if no resource limits are set on the Squid process, this can degrade the server's performance. To exploit this issue the server's SNMP port must be open and the attacker must be able to send data to that port. SNMP support is disabled in Squid's default installation.

Source: Jouko Pynnonen (jouko@solutions.fi)
        Henrik Nordstrom (hno@squid-cache.org)

Links:  http://archives.neohapsis.com/archives/bugtraq/2002-02/0230.html
        http://www.squid-cache.org/Advisories/SQUID-2002_1.txt
        ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
        http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
        https://www.redhat.com/support/errata/RHSA-2002-029.html
        http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016-1.php
        http://www.trustix.net/errata/misc/2002/TSL-2002-0031-squid.asc.txt

Recommendations:
Temporary workarounds:

If you cannot install a patch or upgrade immediately, NSFOCUS recommends the following measures to reduce the risk:

* If Squid does not need SNMP support, set the following option in the configuration file:
snmp_port 0

* If you have a firewall, filter UDP port 3401 and allow access only from trusted hosts.
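As an added example (not part of the NSFOCUS advisory or of Squid's own code), the following Python audit reads a squid.conf and reports whether the SNMP listener is still exposed, i.e. whether the `snmp_port 0` workaround above is in effect. It assumes Squid 2.4's default UDP port of 3401 when the directive is absent and recognises the `snmp_access` directive; the sample configurations are constructed.

```python
"""Audit a squid.conf for the SNMP exposure described in the advisory."""

# Assumption: Squid 2.4 listens on UDP 3401 when built with SNMP and
# snmp_port is not set (the port the advisory says to filter).
DEFAULT_SNMP_PORT = 3401

# Constructed sample: SNMP left at the compiled-in default, no access rules.
WEAK_CONF = """\
http_port 3128
cache_mem 8 MB
"""

# Constructed sample: the advisory's workaround applied.
HARDENED_CONF = """\
http_port 3128
snmp_port 0   # SNMP not needed on this proxy
"""


def strip_comment(line):
    """squid.conf comments start with '#'; keep only the directive text."""
    return line.split("#", 1)[0].strip()


def audit_snmp(conf_text):
    """Return a dict describing the SNMP exposure implied by conf_text."""
    port = None         # None: snmp_port never set, so the default applies
    access_rules = []   # (allow|deny, acl names) in file order
    for raw in conf_text.splitlines():
        parts = strip_comment(raw).split()
        if not parts:
            continue
        key = parts[0].lower()
        if key == "snmp_port" and len(parts) >= 2 and parts[1].isdigit():
            port = int(parts[1])  # a later snmp_port line overrides an earlier one
        elif key == "snmp_access" and len(parts) >= 3:
            access_rules.append((parts[1].lower(), tuple(parts[2:])))
    effective_port = DEFAULT_SNMP_PORT if port is None else port
    enabled = effective_port != 0
    if not enabled:
        finding = "SNMP disabled (snmp_port 0)"
    elif not access_rules:
        finding = "SNMP listener on UDP %d with no snmp_access rules" % effective_port
    else:
        finding = "SNMP listener on UDP %d, restricted by snmp_access" % effective_port
    return {"port": effective_port, "enabled": enabled,
            "access_rules": access_rules, "finding": finding}


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, "->", audit_snmp(conf)["finding"])
```

An `snmp_access` restriction only narrows who can reach the listener; the memory leak itself is only removed by upgrading, so the audit still reports such configurations as enabled.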

Vendor patches:

Conectiva
---------
Conectiva has released security advisory CLA-2002:464 and corresponding patches:
CLA-2002:464: squid
Link:

Patch downloads:

ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/squid-2.3.5-1U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/squid-2.3.5-1U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/squid-2.3.5-1U51_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/squid-2.3.5-1U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/squid-2.3.5-1U60_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/squid-2.3.5-1U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/squid-2.4.1-4U70_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/squid-templates-2.4.1-4U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/squid-doc-2.4.1-4U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/squid-auth-2.4.1-4U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/squid-2.4.1-4U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/squid-2.3.5-1U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/squid-2.3.5-1U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/squid-2.3.5-1U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/squid-2.3.5-1U50_1cl.i386.rpm

FreeBSD
-------
FreeBSD has released security advisory FreeBSD-SA-02:12 and corresponding patches:
FreeBSD-SA-02:12: multiple security vulnerabilities in squid port
Link: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc

Patch downloads:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/squid-2.4_8.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/squid-2.4_8.tgz

MandrakeSoft
------------
MandrakeSoft has released security advisory MDKSA-2002:016-1 and corresponding patches:
MDKSA-2002:016-1: squid
Link: http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016-1.php3

Patch downloads:

Updated Packages:

Linux-Mandrake 7.1:
60bb70afa95f2b43727bc8c9794fb0f9  7.1/RPMS/squid-2.4.STABLE4-1.5mdk.i586.rpm
a46c4bf51883fcfee529de2812f55458  7.1/SRPMS/squid-2.4.STABLE4-1.5mdk.src.rpm

Linux-Mandrake 7.2:
0c3cfdf038650a8c85e703c8859df8d7  7.2/RPMS/squid-2.4.STABLE4-1.5mdk.i586.rpm
a46c4bf51883fcfee529de2812f55458  7.2/SRPMS/squid-2.4.STABLE4-1.5mdk.src.rpm

Mandrake Linux 8.0:
174eaf577cfde553ee0b8eb301792cba  8.0/RPMS/squid-2.4.STABLE4-1.6mdk.i586.rpm
e1d0df4fe930669e3ba12b90caefeca3  8.0/SRPMS/squid-2.4.STABLE4-1.6mdk.src.rpm

Mandrake Linux 8.0/ppc:
375ecbfec5947e9f47be3ada5084fc88  ppc/8.0/RPMS/squid-2.4.STABLE4-1.6mdk.ppc.rpm
e1d0df4fe930669e3ba12b90caefeca3  ppc/8.0/SRPMS/squid-2.4.STABLE4-1.6mdk.src.rpm

Corporate Server 1.0.1:
60bb70afa95f2b43727bc8c9794fb0f9  1.0.1/RPMS/squid-2.4.STABLE4-1.5mdk.i586.rpm
a46c4bf51883fcfee529de2812f55458  1.0.1/SRPMS/squid-2.4.STABLE4-1.5mdk.src.rpm

Single Network Firewall 7.2:
0c3cfdf038650a8c85e703c8859df8d7  snf7.2/RPMS/squid-2.4.STABLE4-1.5mdk.i586.rpm
a46c4bf51883fcfee529de2812f55458  snf7.2/SRPMS/squid-2.4.STABLE4-1.5mdk.src.rpm

The updated packages above can be downloaded from any of the mirror FTP servers listed at:
http://www.mandrakesecure.net/en/ftp.php

RedHat
------
Red Hat has released security advisory RHSA-2002:029-09 and corresponding patches:
RHSA-2002:029-09: New squid packages available
Link: https://www.redhat.com/support/errata/RHSA-2002-029.html

Patch downloads:

Red Hat Linux 6.2:

SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/squid-2.4.STABLE3-1.6.2.src.rpm

alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/squid-2.4.STABLE3-1.6.2.alpha.rpm

i386:
ftp://updates.redhat.com/6.2/en/os/i386/squid-2.4.STABLE3-1.6.2.i386.rpm

sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/squid-2.4.STABLE3-1.6.2.sparc.rpm

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/squid-2.4.STABLE3-1.7.0.src.rpm

alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/squid-2.4.STABLE3-1.7.0.alpha.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/squid-2.4.STABLE3-1.7.0.i386.rpm

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/squid-2.4.STABLE3-1.7.1.src.rpm

alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/squid-2.4.STABLE3-1.7.1.alpha.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/squid-2.4.STABLE3-1.7.1.i386.rpm

ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/squid-2.4.STABLE3-1.7.1.ia64.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/squid-2.4.STABLE3-1.7.2.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/squid-2.4.STABLE3-1.7.2.i386.rpm

ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/squid-2.4.STABLE3-1.7.2.ia64.rpm

Trustix
-------
Trustix has released security advisory TSLSA-2002-0031 and corresponding patches:
TSLSA-2002-0031: squid-cron
Link: http://www.trustix.net/errata/misc/2002/TSL-2002-0031-squid.asc.txt

Patch downloads:

http://www.trustix.net/pub/Trustix/updates/squid-2.4.STABLE4-1tr.i586.rpm

Squid
-----
Squid has released security advisory SQUID-2002:1 and corresponding patches:
SQUID-2002:1: Security advisory regarding three issues in most Squid-2.x versions up to and including Squid-2.4.STABLE3
Link: http://www.squid-cache.org/Advisories/SQUID-2002_1.txt

Patch downloads:

The security issues have been fixed in the new release:
ftp://ftp.squid-cache.org/pub/squid-2/STABLE/
http://www.squid-cache.org/Versions/v2/2.4/

This vulnerability advisory was translated and compiled by NSFOCUS (绿盟科技). All rights reserved; reproduction without permission is prohibited.