CVE-2002-0067
CVSS7.5
发布时间 :2002-03-08 00:00:00
修订时间 :2016-10-17 22:15:44
NMCO    

[原文]Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions.


[CNNVD]Squid HTCP支持选项无法动态调整漏洞(CNNVD-200203-018)

        
        Squid是一个运行于Linux/Unix系统下的Web服务代理程序,它提供了对超文本缓冲协议的支持(Hyper Text Caching Protocol),HTCP在RFC2756中有定义,用于提供对缓存的管理。在大多数默认安装情况下,这个支持选项是关闭的,但在编译时指定'--enable-htcp'选项则可以打开此缓冲功能的支持。
        Squid实现上存在一个问题,使Squid的使用者无法在程序运行时配置HTCP支持选项的打开和关闭。
        虽然在Squid的文档中说明了对HTCP的是否支持可以在Squid的配置文件中指定,然而实际情况是HTCP支持选项一旦被编译进Squid,对HTCP的支持就一直处于打开状态。这导致在Squid运行期间管理员无法控制此支持选项的打开或关闭状态,即使在squid.conf中设置了"htcp_port 0"。这可能导致攻击者绕过预期的访问限制。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/o:redhat:linux:7.2::i386
cpe:/o:redhat:linux:7.0::i386
cpe:/a:squid:squid:2.4_stable_2
cpe:/o:redhat:linux:6.2::alpha
cpe:/o:redhat:linux:7.1::alpha
cpe:/o:redhat:linux:7.1::ia64
cpe:/o:redhat:linux:7.2::ia64
cpe:/o:redhat:linux:7.0::alpha
cpe:/o:redhat:linux:6.2::i386
cpe:/o:redhat:linux:6.2::sparc
cpe:/o:redhat:linux:7.1::i386

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0067
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0067
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200203-018
(官方数据源) CNNVD

- 其它链接及资源

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
(UNKNOWN)  FREEBSD  FreeBSD-SA-02:12
http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
(UNKNOWN)  CALDERA  CSSA-2002-SCO.7
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
(UNKNOWN)  CONECTIVA  CLA-2002:464
http://marc.info/?l=bugtraq&m=101431040422095&w=2
(UNKNOWN)  BUGTRAQ  20020221 Squid HTTP Proxy Security Update Advisory 2002:1
http://marc.info/?l=bugtraq&m=101443252627021&w=2
(UNKNOWN)  BUGTRAQ  20020222 TSLSA-2002-0031 - squid
http://www.iss.net/security_center/static/8261.php
(UNKNOWN)  XF  squid-htcp-enabled(8261)
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php
(UNKNOWN)  MANDRAKE  MDKSA-2002:016
http://www.redhat.com/support/errata/RHSA-2002-029.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2002:029
http://www.securityfocus.com/bid/4150
(UNKNOWN)  BID  4150
http://www.squid-cache.org/Versions/v2/2.4/bugs/
(PATCH)  CONFIRM  http://www.squid-cache.org/Versions/v2/2.4/bugs/

- 漏洞信息

Squid HTCP支持选项无法动态调整漏洞
高危 设计错误
2002-03-08 00:00:00 2005-10-12 00:00:00
远程  
        
        Squid是一个运行于Linux/Unix系统下的Web服务代理程序,它提供了对超文本缓冲协议的支持(Hyper Text Caching Protocol),HTCP在RFC2756中有定义,用于提供对缓存的管理。在大多数默认安装情况下,这个支持选项是关闭的,但在编译时指定'--enable-htcp'选项则可以打开此缓冲功能的支持。
        Squid实现上存在一个问题,使Squid的使用者无法在程序运行时配置HTCP支持选项的打开和关闭。
        虽然在Squid的文档中说明了对HTCP的是否支持可以在Squid的配置文件中指定,然而实际情况是HTCP支持选项一旦被编译进Squid,对HTCP的支持就一直处于打开状态。这导致在Squid运行期间管理员无法控制此支持选项的打开或关闭状态,即使在squid.conf中设置了"htcp_port 0"。这可能导致攻击者绕过预期的访问限制。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * 如果Squid不需要HTCP支持,则编译的时候不要指定相关的选项。
        * 如果有防火墙,对4827端口进行过滤,只允许可信主机访问。
        厂商补丁:
        Conectiva
        ---------
        Conectiva已经为此发布了一个安全公告(CLA-2002:464)以及相应补丁:
        CLA-2002:464:squid
        链接:
        补丁下载:
        ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/squid-2.3.5-1U50_1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/squid-2.3.5-1U50_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/squid-2.3.5-1U51_1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/squid-2.3.5-1U51_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/squid-2.3.5-1U60_1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/squid-2.3.5-1U60_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/squid-2.4.1-4U70_2cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/squid-templates-2.4.1-4U70_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/squid-doc-2.4.1-4U70_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/squid-auth-2.4.1-4U70_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/squid-2.4.1-4U70_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/squid-2.3.5-1U50_1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/squid-2.3.5-1U50_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/squid-2.3.5-1U50_1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/squid-2.3.5-1U50_1cl.i386.rpm
        FreeBSD
        -------
        FreeBSD已经为此发布了一个安全公告(FreeBSD-SA-02:12)以及相应补丁:
        FreeBSD-SA-02:12:multiple security vulnerabilities in squid port
        链接:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
        补丁下载:
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/squid-2.4_8.tgz
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/squid-2.4_8.tgz
        MandrakeSoft
        ------------
        MandrakeSoft已经为此发布了一个安全公告(MDKSA-2002:016-1)以及相应补丁:
        MDKSA-2002:016-1:squid
        链接:
        http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016-1.php3

        补丁下载:
        _______________________________________________________________________
        Updated Packages:
        Linux-Mandrake 7.1:
        60bb70afa95f2b43727bc8c9794fb0f9 7.1/RPMS/squid-2.4.STABLE4-1.5mdk.i586.rpm
        a46c4bf51883fcfee529de2812f55458 7.1/SRPMS/squid-2.4.STABLE4-1.5mdk.src.rpm
        Linux-Mandrake 7.2:
        0c3cfdf038650a8c85e703c8859df8d7 7.2/RPMS/squid-2.4.STABLE4-1.5mdk.i586.rpm
        a46c4bf51883fcfee529de2812f55458 7.2/SRPMS/squid-2.4.STABLE4-1.5mdk.src.rpm
        Mandrake Linux 8.0:
        174eaf577cfde553ee0b8eb301792cba 8.0/RPMS/squid-2.4.STABLE4-1.6mdk.i586.rpm
        e1d0df4fe930669e3ba12b90caefeca3 8.0/SRPMS/squid-2.4.STABLE4-1.6mdk.src.rpm
        Mandrake Linux 8.0/ppc:
        375ecbfec5947e9f47be3ada5084fc88 ppc/8.0/RPMS/squid-2.4.STABLE4-1.6mdk.ppc.rpm
        e1d0df4fe930669e3ba12b90caefeca3 ppc/8.0/SRPMS/squid-2.4.STABLE4-1.6mdk.src.rpm
        Corporate Server 1.0.1:
        60bb70afa95f2b43727bc8c9794fb0f9 1.0.1/RPMS/squid-2.4.STABLE4-1.5mdk.i586.rpm
        a46c4bf51883fcfee529de2812f55458 1.0.1/SRPMS/squid-2.4.STABLE4-1.5mdk.src.rpm
        Single Network Firewall 7.2:
        0c3cfdf038650a8c85e703c8859df8d7 snf7.2/RPMS/squid-2.4.STABLE4-1.5mdk.i586.rpm
        a46c4bf51883fcfee529de2812f55458 snf7.2/SRPMS/squid-2.4.STABLE4-1.5mdk.src.rpm
        ________________________________________________________________________
        上述升级软件可以在下列地址中的任意一个镜像ftp服务器上下载:
        
        http://www.mandrakesecure.net/en/ftp.php

        RedHat
        ------
        RedHat已经为此发布了一个安全公告(RHSA-2002:029-09)以及相应补丁:
        RHSA-2002:029-09:New squid packages available
        链接:https://www.redhat.com/support/errata/RHSA-2002-029.html
        补丁下载:
        Red Hat Linux 6.2:
        SRPMS:
        ftp://updates.redhat.com/6.2/en/os/SRPMS/squid-2.4.STABLE3-1.6.2.src.rpm
        alpha:
        ftp://updates.redhat.com/6.2/en/os/alpha/squid-2.4.STABLE3-1.6.2.alpha.rpm
        i386:
        ftp://updates.redhat.com/6.2/en/os/i386/squid-2.4.STABLE3-1.6.2.i386.rpm
        sparc:
        ftp://updates.redhat.com/6.2/en/os/sparc/squid-2.4.STABLE3-1.6.2.sparc.rpm
        Red Hat Linux 7.0:
        SRPMS:
        ftp://updates.redhat.com/7.0/en/os/SRPMS/squid-2.4.STABLE3-1.7.0.src.rpm
        alpha:
        ftp://updates.redhat.com/7.0/en/os/alpha/squid-2.4.STABLE3-1.7.0.alpha.rpm
        i386:
        ftp://updates.redhat.com/7.0/en/os/i386/squid-2.4.STABLE3-1.7.0.i386.rpm
        Red Hat Linux 7.1:
        SRPMS:
        ftp://updates.redhat.com/7.1/en/os/SRPMS/squid-2.4.STABLE3-1.7.1.src.rpm
        alpha:
        ftp://updates.redhat.com/7.1/en/os/alpha/squid-2.4.STABLE3-1.7.1.alpha.rpm
        i386:
        ftp://updates.redhat.com/7.1/en/os/i386/squid-2.4.STABLE3-1.7.1.i386.rpm
        ia64:
        ftp://updates.redhat.com/7.1/en/os/ia64/squid-2.4.STABLE3-1.7.1.ia64.rpm
        Red Hat Linux 7.2:
        SRPMS:
        

- 漏洞信息

5379
Squid squid.conf HTCP Restriction Bypass
Remote / Network Access Other
Impact Unknown
Exploit Unknown

- 漏洞描述

Squid Cache contains a flaw that will prevent the HTCP interface from being disabled from the configuration file. This could allow a remote attacker to circumvent access restrictions.

- 时间线

2002-02-21 2002-02-21
Unknow Unknow

- 解决方案

Upgrade to version 2.4.STABLE4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站