Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 17 Dec 2016 20:06:22 -0500
From: <cve-assign@...re.org>
To: <squid3@...enet.co.nz>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: CVE Request - squid HTTP proxy multiple Information Disclosure issues

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> http://www.squid-cache.org/Advisories/SQUID-2016_11.txt

> Incorrect processing of responses to If-None-Modified HTTP conditional
> requests leads to client-specific Cookie data being leaked to other
> clients. Attack requests can easily be crafted by a client to probe a
> cache for this information.

> the CVE critical leak was due to these lines in
> src/client_side_reply.cc:
> 
>      bool matchedIfNoneMatch = false;
>      if (r.header.has(HDR_IF_NONE_MATCH)) {
>         if (!e->hasIfNoneMatchEtag(r)) {
> ...
> -            http->logType = LOG_TCP_MISS;
> -            sendMoreData(result);
> 
> This last line should have called "  processMiss(result); "

Use CVE-2016-10002.


> http://www.squid-cache.org/Advisories/SQUID-2016_10.txt

> Incorrect HTTP Request header comparison results in Collapsed
> Forwarding feature mistakenly identifying some private responses as
> being suitable for delivery to multiple clients.

Use CVE-2016-10003.


> The current fix is not quite complete. However we believe the remaining
> headers leaked are not a serious security issue.

If anyone needs a CVE ID for this issue (involving other headers) that
was not fixed in 3.5.23 and 4.0.17, please let us know.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYVdwRAAoJEHb/MwWLVhi2sBwP/33e42WWt+2xK8LMWIt2opxE
F8YSXBoIMKVh8V9i9dYeFrTcXPNMSOsNLawZgUaPIIdIzMy3ipKxfJ0dHlWjIUrk
3QIPAlri8tEOJiy0gR3x1xzdYaZUq5hLpBxWvUJz/GS4OPpvlMPO8VvSYzfKVYUi
Mxw9izK9E41WCUYFTCpzWhI+M248W4CCKYul8gHbDIaV1ED+3pRLkmfgaozP1TxW
ozAB8REzpOyG+Erl5rxZ3e8Zgpf3ox6Rmv260Ue4mhZLCsK2AWR72PJs9zXRK+LQ
1cwTROdWg78iMuoB4E77L77L98OEj5sSLlo6fc5mew8lyteq7QwbfaWjuCk3ga79
BVisJvqXW7dyzLxyZ5yiMGLmHJQd4C6FaKBM6D9xSlaUaicEPvLUU+zwNHtWi0dT
3KKI4GzvBk3x62c4bjjjGpNWoK0sNiDFK465MfA343XfeEjnA+URgrzNJO8ocvMI
booClyeDs7VKwv+yGVMI+3v+YQ/kUKjERdRr4StzSEWF45GPtXnWj7F7bj/JCR4m
/mwZ9237ED5Yhq81e5/OPfJ/dnduJYoI5vjcZmVekTxh3+3AUcLXH1JxfV7Rk6z4
+Tk+X443j3cuB//zMDR8oN7RCl64R2Cx29HwCFukU6nA+wL2hVLHBrVsR+mw6fQX
7LGySLYqm7FhLtuSKhQa
=GwOM
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ