Thank you for taking the time to file a bug report.

I noticed that the latest update of the squid3 package on Bionic was a
security fix that touched exactly the WCCP code:

squid3 (3.5.27-1ubuntu1.12) bionic-security; urgency=medium

  * SECURITY UPDATE: information disclosure via OOB read in WCCP protocol
    - debian/patches/CVE-2021-28116.patch: validate packets better in
      src/wccp2.cc.
    - CVE-2021-28116

 -- Marc Deslauriers <marc.deslauri...@ubuntu.com>  Mon, 04 Oct 2021 08:32:25 -0400

I'm trying to understand here how to reproduce this bug.  I don't have
access to Cisco hardware, and I'm not an expert on WCCP (far from it).

Given the description of the changelog entry above, I would double check
to see if your Cisco hardware is properly configured and running the
latest version of its firmware/software.

Based on the logs you posted, the following is one of the assertions
that is failing on squid:

  Must(ntohl(wccp2_i_see_you.type) == WCCP2_I_SEE_YOU);

This means that the packet received by squid doesn't have the expected
type, apparently.  This check wasn't here before the patch.

This is another assertion that is failing:

         case WCCP2_SECURITY_INFO:
             Must(!security_info); // <----- THIS ASSERTION HERE
             SetField(security_info, itemHeader, itemHeader, itemSize,
                      "security definition truncated");
             break;

This case statement has been rewritten, and the assertion is now in
place there.

In fact, this whole function has been overhauled and is quite different
than what it was before this latest squid3 version.  I am not sure if
what you're seeing is in fact a bug in squid, or is actually squid being
more careful regarding what it accepts as WCCP packets.

Either way, I would need a way to reproduce this error locally in order
to further investigate it.  Could you please provide some help in this
regard?  It would also be great if you could try squid from newer Ubuntu
releases to see if you can reproduce this problem.

I am setting this as Incomplete for now.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-28116

** Changed in: squid3 (Ubuntu Bionic)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1952158

Title:
  squid does not accept WCCP of Cisco router since 3.5.27-1ubuntu1.12

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/squid/+bug/1952158/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
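
The two checks discussed in the message above (the message type must be WCCP2_I_SEE_YOU, and a second security component is rejected), as an added example that is not Squid's code and not part of the original message. The header layout, the numeric constant values, and the names check_packet, sample and Verdict are assumptions made for illustration.

```cpp
// Added illustration, not Squid source. Field layout and constant values are
// assumptions based on the WCCP v2 draft; packets below are constructed.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

enum Verdict { OK, TRUNCATED, WRONG_TYPE, DUPLICATE_SECURITY_INFO };
const uint32_t WCCP2_I_SEE_YOU = 11;     // assumed message type value
const uint16_t WCCP2_SECURITY_INFO = 0;  // assumed component type value

static uint16_t be16(const uint8_t *p) { return uint16_t(p[0] << 8 | p[1]); }
static uint32_t be32(const uint8_t *p) { return uint32_t(be16(p)) << 16 | be16(p + 2); }

// Message header: type(4) version(2) length(2); then components: type(2) length(2) data.
Verdict check_packet(const std::vector<uint8_t> &pkt) {
    if (pkt.size() < 8) return TRUNCATED;
    if (be32(&pkt[0]) != WCCP2_I_SEE_YOU) return WRONG_TYPE;
    size_t end = 8 + be16(&pkt[6]);          // declared payload length
    if (end > pkt.size()) return TRUNCATED;  // never read past the datagram
    bool seen_security = false;
    for (size_t off = 8; off < end;) {
        if (end - off < 4) return TRUNCATED;        // component header cut short
        uint16_t type = be16(&pkt[off]), len = be16(&pkt[off + 2]);
        if (len > end - off - 4) return TRUNCATED;  // component body cut short
        if (type == WCCP2_SECURITY_INFO) {
            if (seen_security) return DUPLICATE_SECURITY_INFO;  // cf. Must(!security_info)
            seen_security = true;
        }
        off += 4 + size_t(len);
    }
    return OK;
}

// Constructed sample: header plus `copies` security components (4-byte body each).
std::vector<uint8_t> sample(uint32_t msg_type, int copies) {
    uint16_t len = uint16_t(8 * copies);
    std::vector<uint8_t> p = {uint8_t(msg_type >> 24), uint8_t(msg_type >> 16),
                              uint8_t(msg_type >> 8), uint8_t(msg_type), 0x02, 0x00,
                              uint8_t(len >> 8), uint8_t(len)};
    for (int i = 0; i < copies; ++i)
        p.insert(p.end(), {0, 0, 0, 4, 0, 0, 0, 0});
    return p;
}

int main() {
    std::printf("%d %d %d\n", int(check_packet(sample(11, 1))),
                int(check_packet(sample(10, 1))), int(check_packet(sample(11, 2))));
}
```

A strict parser of this shape drops a datagram that a lenient one would have processed, which is the behaviour change the message describes.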