ID CVE-2011-3205
Summary Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.
References
Vulnerable Configurations
  • squid-cache.org Squid 3.0.stable23
    cpe:2.3:a:squid-cache:squid:3.0.stable23
  • squid-cache.org Squid 3.0.stable10
    cpe:2.3:a:squid-cache:squid:3.0.stable10
  • squid-cache.org Squid 3.0.stable11 release candidate 1
    cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1
  • squid-cache.org Squid 3.0.stable16 release candidate 1
    cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1
  • squid-cache.org Squid 3.0.stable21
    cpe:2.3:a:squid-cache:squid:3.0.stable21
  • squid-cache.org Squid 3.0.stable22
    cpe:2.3:a:squid-cache:squid:3.0.stable22
  • squid-cache.org Squid 3.0.stable24
    cpe:2.3:a:squid-cache:squid:3.0.stable24
  • squid-cache.org Squid 3.0.stable25
    cpe:2.3:a:squid-cache:squid:3.0.stable25
  • squid-cache.org Squid 3.0.stable17
    cpe:2.3:a:squid-cache:squid:3.0.stable17
  • squid-cache.org Squid 3.0.stable18
    cpe:2.3:a:squid-cache:squid:3.0.stable18
  • squid-cache.org Squid 3.0.stable19
    cpe:2.3:a:squid-cache:squid:3.0.stable19
  • squid-cache.org Squid 3.0.stable20
    cpe:2.3:a:squid-cache:squid:3.0.stable20
  • squid-cache.org Squid 3.0.stable14
    cpe:2.3:a:squid-cache:squid:3.0.stable14
  • squid-cache.org Squid 3.0.stable13
    cpe:2.3:a:squid-cache:squid:3.0.stable13
  • squid-cache.org Squid 3.0.stable16
    cpe:2.3:a:squid-cache:squid:3.0.stable16
  • squid-cache.org Squid 3.0.stable15
    cpe:2.3:a:squid-cache:squid:3.0.stable15
  • squid-cache.org Squid 3.0.stable9
    cpe:2.3:a:squid-cache:squid:3.0.stable9
  • squid-cache.org Squid 3.0.stable8
    cpe:2.3:a:squid-cache:squid:3.0.stable8
  • squid-cache.org Squid 3.0.stable12
    cpe:2.3:a:squid-cache:squid:3.0.stable12
  • squid-cache.org Squid 3.0.stable11
    cpe:2.3:a:squid-cache:squid:3.0.stable11
  • squid-cache.org Squid 3.0.stable5
    cpe:2.3:a:squid-cache:squid:3.0.stable5
  • squid-cache.org Squid 3.0.stable4
    cpe:2.3:a:squid-cache:squid:3.0.stable4
  • squid-cache.org Squid 3.0.stable7
    cpe:2.3:a:squid-cache:squid:3.0.stable7
  • squid-cache.org Squid 3.0.stable6
    cpe:2.3:a:squid-cache:squid:3.0.stable6
  • squid-cache.org Squid 3.0.stable1
    cpe:2.3:a:squid-cache:squid:3.0.stable1
  • squid-cache.org Squid 3.0.stable3
    cpe:2.3:a:squid-cache:squid:3.0.stable3
  • squid-cache.org Squid 3.0.stable2
    cpe:2.3:a:squid-cache:squid:3.0.stable2
  • squid-cache.org Squid 3.1.5.1
    cpe:2.3:a:squid-cache:squid:3.1.5.1
  • squid-cache.org Squid 3.1.5
    cpe:2.3:a:squid-cache:squid:3.1.5
  • squid-cache.org Squid 3.1.4
    cpe:2.3:a:squid-cache:squid:3.1.4
  • squid-cache.org Squid 3.1.3
    cpe:2.3:a:squid-cache:squid:3.1.3
  • squid-cache.org Squid 3.1.7
    cpe:2.3:a:squid-cache:squid:3.1.7
  • squid-cache.org Squid 3.1.6
    cpe:2.3:a:squid-cache:squid:3.1.6
  • squid-cache.org Squid 3.1.0.5
    cpe:2.3:a:squid-cache:squid:3.1.0.5
  • squid-cache.org Squid 3.1.0.9
    cpe:2.3:a:squid-cache:squid:3.1.0.9
  • squid-cache.org Squid 3.1.0.8
    cpe:2.3:a:squid-cache:squid:3.1.0.8
  • squid-cache.org Squid 3.1.0.7
    cpe:2.3:a:squid-cache:squid:3.1.0.7
  • squid-cache.org Squid 3.1.0.6
    cpe:2.3:a:squid-cache:squid:3.1.0.6
  • squid-cache.org Squid 3.1.0.13
    cpe:2.3:a:squid-cache:squid:3.1.0.13
  • squid-cache.org Squid 3.1.0.14
    cpe:2.3:a:squid-cache:squid:3.1.0.14
  • squid-cache.org Squid 3.1.0.15
    cpe:2.3:a:squid-cache:squid:3.1.0.15
  • squid-cache.org Squid 3.1.0.10
    cpe:2.3:a:squid-cache:squid:3.1.0.10
  • squid-cache.org Squid 3.1.0.11
    cpe:2.3:a:squid-cache:squid:3.1.0.11
  • squid-cache.org Squid 3.1.0.16
    cpe:2.3:a:squid-cache:squid:3.1.0.16
  • squid-cache.org Squid 3.1.0.12
    cpe:2.3:a:squid-cache:squid:3.1.0.12
  • squid-cache.org Squid 3.1.0.17
    cpe:2.3:a:squid-cache:squid:3.1.0.17
  • squid-cache.org Squid 3.1.0.18
    cpe:2.3:a:squid-cache:squid:3.1.0.18
  • squid-cache.org Squid 3.1.1
    cpe:2.3:a:squid-cache:squid:3.1.1
  • squid-cache.org Squid 3.1.2
    cpe:2.3:a:squid-cache:squid:3.1.2
  • squid-cache.org Squid 3.1
    cpe:2.3:a:squid-cache:squid:3.1
  • squid-cache.org Squid 3.1.0.1
    cpe:2.3:a:squid-cache:squid:3.1.0.1
  • squid-cache.org Squid 3.1.0.2
    cpe:2.3:a:squid-cache:squid:3.1.0.2
  • squid-cache.org Squid 3.1.0.3
    cpe:2.3:a:squid-cache:squid:3.1.0.3
  • squid-cache.org Squid 3.1.0.4
    cpe:2.3:a:squid-cache:squid:3.1.0.4
  • squid-cache.org Squid 3.1.8
    cpe:2.3:a:squid-cache:squid:3.1.8
  • squid-cache.org Squid 3.1.9
    cpe:2.3:a:squid-cache:squid:3.1.9
  • squid-cache.org Squid 3.1.10
    cpe:2.3:a:squid-cache:squid:3.1.10
  • squid-cache.org Squid 3.1.11
    cpe:2.3:a:squid-cache:squid:3.1.11
  • squid-cache.org Squid 3.1.12
    cpe:2.3:a:squid-cache:squid:3.1.12
  • squid-cache.org Squid 3.1.13
    cpe:2.3:a:squid-cache:squid:3.1.13
  • squid-cache.org Squid 3.1.14
    cpe:2.3:a:squid-cache:squid:3.1.14
  • squid-cache.org Squid 3.2.0.1
    cpe:2.3:a:squid-cache:squid:3.2.0.1
  • squid-cache.org Squid 3.2.0.2
    cpe:2.3:a:squid-cache:squid:3.2.0.2
  • squid-cache.org Squid 3.2.0.3
    cpe:2.3:a:squid-cache:squid:3.2.0.3
  • squid-cache.org Squid 3.2.0.4
    cpe:2.3:a:squid-cache:squid:3.2.0.4
  • squid-cache.org Squid 3.2.0.5
    cpe:2.3:a:squid-cache:squid:3.2.0.5
  • squid-cache.org Squid 3.2.0.6
    cpe:2.3:a:squid-cache:squid:3.2.0.6
  • squid-cache.org Squid 3.2.0.7
    cpe:2.3:a:squid-cache:squid:3.2.0.7
  • squid-cache.org Squid 3.2.0.8
    cpe:2.3:a:squid-cache:squid:3.2.0.8
  • squid-cache.org Squid 3.2.0.9
    cpe:2.3:a:squid-cache:squid:3.2.0.9
  • squid-cache.org Squid 3.2.0.10
    cpe:2.3:a:squid-cache:squid:3.2.0.10
CVSS
Base: 6.8 (as of 06-09-2011 - 13:45)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_SQUID3-110902.NASL
    description This update of squid3 fixes a buffer overflow vulnerability in the Gopher reply parser code. (CVE-2011-3205)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 57134
    published 2011-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57134
    title SuSE 11.1 Security Update : squid3 (SAT Patch Number 5095)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-11854.NASL
    description Upstream 3.1.15 release fixing a buffer overflow issue in gopher:// processing (SQUID-2011:3) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 56138
    published 2011-09-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56138
    title Fedora 14 : squid-3.1.15-1.fc14 (2011-11854)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_SQUID_20120118.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression. (CVE-2011-3205)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80772
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80772
    title Oracle Solaris Third-Party Patch Update : squid (cve_2011_3205_buffer_overflow)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-1293.NASL
    description An updated squid package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A buffer overflow flaw was found in the way Squid parsed replies from remote Gopher servers. A remote user allowed to send Gopher requests to a Squid proxy could possibly use this flaw to cause the squid child process to crash or execute arbitrary code with the privileges of the squid user, by making Squid perform a request to an attacker-controlled Gopher server. (CVE-2011-3205) Users of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 56205
    published 2011-09-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56205
    title RHEL 6 : squid (RHSA-2011:1293)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2011-150.NASL
    description A vulnerability has been discovered and corrected in squid : Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression (CVE-2011-3205). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 56526
    published 2011-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56526
    title Mandriva Linux Security Advisory : squid (MDVSA-2011:150)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_4_SQUID3-110902.NASL
    description This update of squid3 fixes a buffer overflow vulnerability in the Gopher reply parser code (CVE-2011-3205).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 76030
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76030
    title openSUSE Security Update : squid3 (openSUSE-SU-2011:1018-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2089-1.NASL
    description This update for squid3 fixes the following issues : - Multiple issues in pinger ICMP processing. (CVE-2014-7141, CVE-2014-7142) - CVE-2016-3947: Buffer overrun issue in pinger ICMPv6 processing. (bsc#973782) - CVE-2016-4554: fix header smuggling issue in HTTP Request processing (bsc#979010) - Fix multiple Denial of Service issues in HTTP Response processing. (CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, bsc#968392, bsc#968393, bsc#968394, bsc#968395) - Regression caused by the DoS fixes above (bsc#993299) - CVE-2016-3948: Fix denial of service in HTTP Response processing (bsc#973783) - CVE-2016-4051: fixes buffer overflow in cachemgr.cgi (bsc#976553) - CVE-2016-4052, CVE-2016-4053, CVE-2016-4054 : - fixes multiple issues in ESI processing (bsc#976556) - CVE-2016-4556: fixes double free vulnerability in Esi.cc (bsc#979008) - CVE-2015-5400: Improper Protection of Alternate Path (bsc#938715) - CVE-2014-6270: fix off-by-one in snmp subsystem (bsc#895773) - Memory leak in squid3 when using external_acl (bsc#976708) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 93294
    published 2016-09-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93294
    title SUSE SLES11 Security Update : squid3 (SUSE-SU-2016:2089-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2304.NASL
    description Ben Hawkes discovered that Squid 3, a full featured Web Proxy cache (HTTP proxy), is vulnerable to a buffer overflow when processing Gopher server replies. An attacker can exploit this flaw by connecting to a Gopher server that returns lines longer than 4096 bytes. This may result in denial of service conditions (daemon crash) or possibly the execution of arbitrary code with rights of the squid daemon.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 56143
    published 2011-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56143
    title Debian DSA-2304-1 : squid3 - buffer overflow
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-1996-1.NASL
    description This update for squid3 fixes the following issues : - Multiple issues in pinger ICMP processing. (CVE-2014-7141, CVE-2014-7142) - CVE-2016-3947: Buffer overrun issue in pinger ICMPv6 processing. (bsc#973782) - CVE-2016-4554: fix header smuggling issue in HTTP Request processing (bsc#979010) - fix multiple Denial of Service issues in HTTP Response processing. (CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, bsc#968392, bsc#968393, bsc#968394, bsc#968395) - CVE-2016-3948: Fix denial of service in HTTP Response processing (bsc#973783) - CVE-2016-4051: fixes buffer overflow in cachemgr.cgi (bsc#976553) - CVE-2016-4052, CVE-2016-4053, CVE-2016-4054 : - fixes multiple issues in ESI processing (bsc#976556) - CVE-2016-4556: fixes double free vulnerability in Esi.cc (bsc#979008) - CVE-2015-5400: Improper Protection of Alternate Path (bsc#938715) - CVE-2014-6270: fix off-by-one in snmp subsystem (bsc#895773) - Memory leak in squid3 when using external_acl (bsc#976708) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 93271
    published 2016-09-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93271
    title SUSE SLES11 Security Update : squid3 (SUSE-SU-2016:1996-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_SQUID3-110902.NASL
    description This update of squid3 fixes a buffer overflow vulnerability in the Gopher reply parser code (CVE-2011-3205).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75747
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75747
    title openSUSE Security Update : squid3 (openSUSE-SU-2011:1018-1)
  • NASL family Firewalls
    NASL id SQUID_3_2_0_11.NASL
    description According to its banner, the version of Squid running on the remote host is 3.x prior to 3.0.STABLE26 / 3.1.15 / 3.2.0.11. It reportedly contains a buffer overflow when parsing responses from Gopher servers that results in memory corruption and usually causes the Squid server itself to crash. Note that Nessus has relied only on the version in the proxy server's banner, which is not updated by either of the patches the project has released to address the issue. If one of those has been applied properly and the service is restarted, consider this to be a false positive.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 56215
    published 2011-09-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56215
    title Squid 3.x < 3.0.STABLE26 / 3.1.15 / 3.2.0.11 Gopher Buffer Overflow
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20110914_SQUID_ON_SL6_X.NASL
    description Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A buffer overflow flaw was found in the way Squid parsed replies from remote Gopher servers. A remote user allowed to send Gopher requests to a Squid proxy could possibly use this flaw to cause the squid child process to crash or execute arbitrary code with the privileges of the squid user, by making Squid perform a request to an attacker-controlled Gopher server. Users of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61135
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61135
    title Scientific Linux Security Update : squid on SL6.x i386/x86_64
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201110-24.NASL
    description The remote host is affected by the vulnerability described in GLSA-201110-24 (Squid: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Squid. Please review the CVE identifiers referenced below for details. Impact : Remote unauthenticated attackers may be able to execute arbitrary code with the privileges of the Squid process or cause a Denial of Service. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 56658
    published 2011-10-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56658
    title GLSA-201110-24 : Squid: Multiple vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-1293.NASL
    description From Red Hat Security Advisory 2011:1293 : An updated squid package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A buffer overflow flaw was found in the way Squid parsed replies from remote Gopher servers. A remote user allowed to send Gopher requests to a Squid proxy could possibly use this flaw to cause the squid child process to crash or execute arbitrary code with the privileges of the squid user, by making Squid perform a request to an attacker-controlled Gopher server. (CVE-2011-3205) Users of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68351
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68351
    title Oracle Linux 6 : squid (ELSA-2011-1293)
redhat via4
advisories
bugzilla
id 734583
title CVE-2011-3205 squid: buffer overflow flaw in Squid's Gopher reply parser (SQUID-2011:3)
oval
AND
  • comment squid is earlier than 7:3.1.10-1.el6_1.1
    oval oval:com.redhat.rhsa:tst:20111293005
  • comment squid is signed with Red Hat redhatrelease2 key
    oval oval:com.redhat.rhsa:tst:20110545006
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhsa:tst:20100842001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhsa:tst:20100842002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20100842003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20100842004
rhsa
id RHSA-2011:1293
released 2011-09-14
severity Moderate
title RHSA-2011:1293: squid security update (Moderate)
rpms squid-7:3.1.10-1.el6_1.1
refmap via4
bid 49356
confirm
debian DSA-2304
fedora FEDORA-2011-11854
mandriva MDVSA-2011:150
mlist
  • [oss-security] 20110829 CVE-request(?): squid: buffer overflow in Gopher reply parser
  • [oss-security] 20110830 Re: CVE-request(?): squid: buffer overflow in Gopher reply parser
osvdb 74847
sectrack 1025981
secunia
  • 45805
  • 45906
  • 45920
  • 45965
  • 46029
suse
  • SUSE-SU-2011:1019
  • SUSE-SU-2016:1996
  • SUSE-SU-2016:2089
  • openSUSE-SU-2011:1018
Last major update 28-11-2016 - 14:07
Published 06-09-2011 - 11:55