安全研究
安全漏洞
Squid处理WCCP消息远程拒绝服务漏洞
发布日期:2005-01-13
更新日期:2005-02-04
受影响系统:
Squid Web Proxy Cache 2.5 STABLE7描述:
BUGTRAQ ID: 12275
CVE(CAN) ID: CVE-2005-0095
Squid是一个高效的Web缓存及代理程序,Squid最初是为Unix平台开发的,现在也被移植到Linux和大多数的Unix类系统中,最新的Squid可以运行在Windows平台下。
Squid处理WCCP消息存在问题,远程攻击者可以利用这个漏洞使Squid服务崩溃。
供应商报告远程用户可以发送特殊构建的把'number of caches'字段设置为1-32之外值的WCCP_I_SEE_YOU包,并伪造地址,如果Squid启用的情况下,Squid就会崩溃。
<*来源:Squid (squidsecurity@hushmail.com)
链接:http://www.securitytracker.com/alerts/2005/Jan/1012882.html
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000923
http://www.debian.org/security/2005/dsa-651
http://www.linux-mandrake.com/en/security/2005/2005-014.php
*>
建议:
厂商补丁:
Conectiva
---------
Conectiva已经为此发布了一个安全公告(CLA-2005:923)以及相应补丁:
CLA-2005:923:squid
链接:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000923
补丁下载:
ftp://atualizacoes.conectiva.com.br/10/SRPMS/squid-2.5.5-63116U10_6cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-2.5.5-63116U10_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-auth-2.5.5-63116U10_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-extra-templates-2.5.5-63116U10_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/squid-2.5.5-25761U90_9cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/squid-2.5.5-25761U90_9cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/squid-auth-2.5.5-25761U90_9cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/squid-extra-templates-2.5.5-25761U90_9cl.i386.rpm
Debian
------
Debian已经为此发布了一个安全公告(DSA-651-1)以及相应补丁:
DSA-651-1:New squid packages fix denial of service
链接:http://www.debian.org/security/2002/dsa-651
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5.dsc
Size/MD5 checksum: 612 69bd41324bb88cc4a76fcacba1f6cb9b
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5.diff.gz
Size/MD5 checksum: 227846 52f6d82e486f23dba4240260dc64ea57
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6.orig.tar.gz
Size/MD5 checksum: 1081920 59ce2c58da189626d77e27b9702ca228
Alpha architecture:
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_alpha.deb
Size/MD5 checksum: 814804 684a7a602a7dce53d3e2d5ea526cdfeb
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_alpha.deb
Size/MD5 checksum: 75340 061412b8ca998b1ae5a7c576eac51425
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_alpha.deb
Size/MD5 checksum: 60094 8ecf3345226d4023c661cb5950929d5c
ARM architecture:
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_arm.deb
Size/MD5 checksum: 725286 b9103ba40dfcc47200b971a0ad123bb9
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_arm.deb
Size/MD5 checksum: 73116 fe083c2e4e65e0bcff82b42c292f9c69
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_arm.deb
Size/MD5 checksum: 58444 225728ea1d83a4f999cbcd1cbc918471
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_i386.deb
Size/MD5 checksum: 684376 bd4f50309316282ffdf9012e6a051349
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_i386.deb
Size/MD5 checksum: 72850 f0f790e828a53ae94406c68d8c386ac7
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_i386.deb
Size/MD5 checksum: 58014 9f2e5d189aa0df9d01d47c6870ca25f9
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_ia64.deb
Size/MD5 checksum: 953366 146cb3cfadbb09b473289462fcb85c4e
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_ia64.deb
Size/MD5 checksum: 79224 6a83889272e28d86602d86358929196b
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_ia64.deb
Size/MD5 checksum: 62766 6b48ca53c8bc2f0972a1b4653d04fa54
HP Precision architecture:
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_hppa.deb
Size/MD5 checksum: 779204 684c9f7e7b7bd4abda5eda0890974951
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_hppa.deb
Size/MD5 checksum: 74562 861f28d3d058c56d620ce557b488780f
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_hppa.deb
Size/MD5 checksum: 59574 16d03b269cb3d067cd6129b9bf1eccdc
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_m68k.deb
Size/MD5 checksum: 665532 da4701e4506c91a7297ebe41314d88cd
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_m68k.deb
Size/MD5 checksum: 72460 3ad96b1dc107bbaafd67592f8477bab4
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_m68k.deb
Size/MD5 checksum: 57678 0202dafa52ea24eb34c3d477459ad287
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_mips.deb
Size/MD5 checksum: 764854 c97c148f54c9d80e9d3d6c127894813b
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_mips.deb
Size/MD5 checksum: 74028 d49e9634ed353d8b713f4d80de731b61
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_mips.deb
Size/MD5 checksum: 58730 762b4bb651f8531208db4cd941a06560
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_mipsel.deb
Size/MD5 checksum: 764702 d134fdcf4916a521147f94837e2e544e
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_mipsel.deb
Size/MD5 checksum: 74118 9bdfc6bc5e7f752df213cdffb197f877
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_mipsel.deb
Size/MD5 checksum: 58838 edc757de19a59274fcb2a3d32791dcc0
PowerPC architecture:
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_powerpc.deb
Size/MD5 checksum: 722068 9c18747e4a7e6b15c05ab547efc59993
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_powerpc.deb
Size/MD5 checksum: 73100 7af618b2b8b1e225af2631a07da615d8
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_powerpc.deb
Size/MD5 checksum: 58322 23f79cf266df794a375ba75b2a973026
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_s390.deb
Size/MD5 checksum: 711584 f750ce9dd12460574b2c69031d3933bf
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_s390.deb
Size/MD5 checksum: 73442 e9a485219baaec097b7d432ba4ea8a26
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_s390.deb
Size/MD5 checksum: 58876 4ab64ae10b353e69facfcc59fa6fa0ab
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_sparc.deb
Size/MD5 checksum: 724314 d4af1a337ee603d7b1039f132996b0bf
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_sparc.deb
Size/MD5 checksum: 75728 9974f32b84edb4969c9216742e9c9f73
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_sparc.deb
Size/MD5 checksum: 60762 a7aad73eabef840dd648ef058dc852d5
补丁安装方法:
1. 手工安装补丁包:
首先,使用下面的命令来下载补丁软件:
# wget url (url是补丁下载链接地址)
然后,使用下面的命令来安装补丁:
# dpkg -i file.deb (file是相应的补丁名)
2. 使用apt-get自动安装补丁包:
首先,使用下面的命令更新内部数据库:
# apt-get update
然后,使用下面的命令安装更新软件包:
# apt-get upgrade
MandrakeSoft
------------
MandrakeSoft已经为此发布了一个安全公告(MDKSA-2005:014)以及相应补丁:
MDKSA-2005:014:Updated squid packages fix
链接:http://www.linux-mandrake.com/en/security/2005/2005-014.php
补丁下载:
Updated Packages:
Mandrakelinux 10.0:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/squid-2.5.STABLE4-2.3.100mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/SRPMS/squid-2.5.STABLE4-2.3.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/squid-2.5.STABLE4-2.3.100mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/SRPMS/squid-2.5.STABLE4-2.3.100mdk.src.rpm
Mandrakelinux 10.1:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.1/RPMS/squid-2.5.STABLE6-2.2.101mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.1/SRPMS/squid-2.5.STABLE6-2.2.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/10.1/RPMS/squid-2.5.STABLE6-2.2.101mdk.x86_64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/10.1/SRPMS/squid-2.5.STABLE6-2.2.101mdk.src.rpm
Corporate Server 2.1:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/squid-2.4.STABLE7-2.3.C21mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/SRPMS/squid-2.4.STABLE7-2.3.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/corporate/2.1/RPMS/squid-2.4.STABLE7-2.3.C21mdk.x86_64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/corporate/2.1/SRPMS/squid-2.4.STABLE7-2.3.C21mdk.src.rpm
Corporate Server 3.0:
上述升级软件还可以在下列地址中的任意一个镜像ftp服务器上下载:
http://www.mandrakesecure.net/en/ftp.php
Squid
-----
http://www.debian.org/security/2005/dsa-651
浏览次数:3432
严重程度:1(网友投票)
绿盟科技给您安全的保障