SNMP: Squid SNMP Proxy ASN.1 Parser Overflow

This signature detects attempts to exploit a known vulnerability in a Squid proxy server that is used to proxy Simple Network Management Protocol (SNMP) traffic. Because the ASN.1 parser improperly handles large values, an attacker can send an overly large ASN.1 value (within a maliciously crafted SNMP packet) to overflow the buffer and crash the server process.

Extended Description

Squid is prone to a denial-of-service vulnerability in its SNMP ASN.1 parser. SNMP support is not enabled by default in Squid as provided by the vendor, but it may be enabled by default when Squid is included as a binary application in certain unconfirmed operating systems. The vulnerability allows remote attackers to crash affected Squid proxies with a single UDP datagram, which may be spoofed. Squid will attempt to restart itself automatically, but an attacker sending repeated malicious SNMP packets can effectively deny service to legitimate users. Squid 2.5-STABLE6 and earlier, as well as 3.0-PRE3-20040702, are reported vulnerable.

Affected Products

Openpkg openpkg

Short Name: SNMP:SQUID-PROXY-ASN1-OF
Severity: Major
Recommended: False
Recommended Action: Drop
Category: SNMP
Keywords: ASN.1 CVE-2004-0918 Overflow Parser Proxy SNMP Squid bid:11385
Release Date: 11/17/2004

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3339
Port: UDP/161,3401
False Positive: Unknown

Vendors

Red_hat

Sco

Conectiva

Gentoo

Trustix

Openpkg

Squid

Ubuntu

CVSS Score: 5.0
