Squid cachemgr.cgi Unauthorized Connection Vulnerability
BID:2059
Info
| Bugtraq ID: | 2059 |
| Class: | Design Error |
| CVE: | CVE-1999-0710 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jul 23 1999 12:00AM |
| Updated: | Feb 21 2006 09:57PM |
| Credit: | Posted to BugTraq July 23, 1999 by < [email protected] > |
| Vulnerable: | SGI ProPack 3.0 SP5; Redhat Linux 9.0 i386; Redhat Linux 7.3 i386; Redhat Fedora Core3; Redhat Fedora Core2; Redhat Fedora Core1; Redhat Enterprise Linux WS 4; Redhat Enterprise Linux WS 3; Redhat Enterprise Linux ES 4; Redhat Enterprise Linux ES 3; Redhat Enterprise Linux AS 4; Redhat Enterprise Linux AS 3; Redhat Desktop 4.0; Redhat Desktop 3.0; Redhat Advanced Workstation for the Itanium Processor 2.1 IA64; National Science Foundation Squid Web Proxy 2.2; Debian Linux 3.0 sparc; Debian Linux 3.0 s/390; Debian Linux 3.0 ppc; Debian Linux 3.0 mipsel; Debian Linux 3.0 mips; Debian Linux 3.0 m68k; Debian Linux 3.0 ia-64; Debian Linux 3.0 ia-32; Debian Linux 3.0 hppa; Debian Linux 3.0 arm; Debian Linux 3.0 alpha; Debian Linux 3.0 |
| Not Vulnerable: | |
Discussion
The 'cachemgr.cgi' module is a management interface for the Squid proxy service. Red Hat Linux 5.2 and 6.0 installed it by default in '/cgi-bin' when installed with Squid. The script prompts for a host and port and then tries to connect to them. If a web server such as Apache is running, this can be used to connect to arbitrary hosts and ports, allowing for potential use as an intermediary in denial-of-service attacks, proxied port scans, etc. By interpreting the output of the script, the attacker can determine whether or not a connection was established.
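Use of the script as a connection intermediary leaves a trace in the web server's access log when the form is submitted with GET. The detection logic below is an added example, not part of the original advisory or of Squid. It assumes Apache common log format, that the target is carried in `host` and `port` query parameters, and that the local Squid on port 3128 is the only legitimate target; the log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Apache common/combined log format: capture client address and request URL.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|HEAD) (\S+)[^"]*" \d{3}')
# Assumption: the local Squid on its default port is the only legitimate target.
ALLOWED_TARGETS = {("localhost", 3128), ("127.0.0.1", 3128)}
DISTINCT_TARGET_THRESHOLD = 3  # assumed tuning value, adjust per site

# Constructed sample log lines (documentation address ranges only).
SAMPLE_LOG = [
    '203.0.113.5 - - [23/Jul/1999:10:00:01 +0000] "GET /cgi-bin/cachemgr.cgi?host=192.0.2.10&port=21 HTTP/1.0" 200 512',
    '203.0.113.5 - - [23/Jul/1999:10:00:02 +0000] "GET /cgi-bin/cachemgr.cgi?host=192.0.2.10&port=23 HTTP/1.0" 200 498',
    '203.0.113.5 - - [23/Jul/1999:10:00:03 +0000] "GET /cgi-bin/cachemgr.cgi?host=192.0.2.10&port=25 HTTP/1.0" 200 512',
    '198.51.100.7 - - [23/Jul/1999:10:05:00 +0000] "GET /cgi-bin/cachemgr.cgi?host=localhost&port=3128 HTTP/1.0" 200 2048',
    '198.51.100.9 - - [23/Jul/1999:10:06:00 +0000] "GET /cgi-bin/cachemgr.cgi?host=192.0.2.20&port=80 HTTP/1.0" 200 498',
    '198.51.100.7 - - [23/Jul/1999:10:07:00 +0000] "GET /index.html HTTP/1.0" 200 1024',
]

def cachemgr_targets(lines):
    """Map client address -> set of (host, port) targets requested via cachemgr.cgi."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line, or a method whose parameters are not logged
        client, url = m.group(1), m.group(2)
        parts = urlsplit(url)
        if not parts.path.lower().endswith("/cachemgr.cgi"):
            continue
        query = parse_qs(parts.query)  # 'host'/'port' parameter names are assumed
        host = query.get("host", [""])[0].lower()
        port = query.get("port", [""])[0]
        if host:
            seen[client].add((host, int(port) if port.isdecimal() else None))
    return seen

def findings(lines):
    """Return sorted (client, reason, targets) tuples for non-local cachemgr use."""
    out = []
    for client, targets in cachemgr_targets(lines).items():
        foreign = sorted((t for t in targets if t not in ALLOWED_TARGETS), key=str)
        if len(foreign) >= DISTINCT_TARGET_THRESHOLD:
            out.append((client, "many-distinct-targets", foreign))
        elif foreign:
            out.append((client, "non-local-target", foreign))
    return sorted(out)
```

Requests submitted with POST do not expose their parameters in the access log, so this check covers only GET submissions.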
Exploit / POC
http://target.host/cgi-bin/cachemgr.cgi
An automated scanner exploit has been provided by Francisco Sáa Muñoz <[email protected]>:
Solution / Fix
Solution:
Please see the referenced vendor advisories for more information and fixes.
National Science Foundation Squid Web Proxy 2.2
- RedHat 5.2 (alpha): squid-2.2.STABLE4-5.alpha
  ftp://updates.redhat.com/6.0/alpha/squid-2.2.STABLE4-5.alpha.rpm
- RedHat 5.2 (i386): squid-2.2.STABLE4-5.i386
  ftp://updates.redhat.com/6.0/i386/squid-2.2.STABLE4-5.i386.rpm
- RedHat 5.2 (sparc): squid-2.2.STABLE4-5.sparc
  ftp://updates.redhat.com/6.0/sparc/squid-2.2.STABLE4-5.sparc.rpm
- RedHat 6.0 (alpha): squid-2.2.STABLE4-0.5.2.alpha
  ftp://updates.redhat.com/5.2/alpha/squid-2.2.STABLE4-0.5.2.alpha.rpm
- RedHat 6.0 (i386): squid-2.2.STABLE4-0.5.2.i386
  ftp://updates.redhat.com/5.2/i386/squid-2.2.STABLE4-0.5.2.i386.rpm
- RedHat 6.0 (sparc): squid-2.2.STABLE4-0.5.2.sparc
  ftp://updates.redhat.com/5.2/sparc/squid-2.2.STABLE4-0.5.2.sparc.rpm
References
References:
- RHSA-2005:415-16 - squid security update (RedHat)
- Squid Cache Home Page (National Science Foundation)