splunk 3.5.27-Sec Advisories

splunk 3.5.27-Sec Advisories

Kumpf, Scott
Greetings,

The organization I work for is running Splunk for Windows version 3.5.27 which is impacted by 3 security vulnerabilities that were released earlier this year. From what I can tell, our squid implementation was installed using an MSI package from Diladele. It is my understanding per the advisories, the first point of contact for support is the maintainer/package vendor. Diladele referred me back to Squid Developers and the only version that they have made available is version 3.5.27. As I am not too familiar with source code packaging or compiling, I am in search of some guidance on available options to mitigate or remediate these vulnerabilities. I believe 2 of them have workarounds that can be implemented by modifying the squid.conf.
As I am not aware of how to determine how this version was configured at time of build, I am therefore not 100% certain if my implementation is even vulnerable. Supposing the software is at risk, the advisories indicate there are patches available for each issue, however, I'm not clear on what to do with the information that the patch link presents.

The vulnerabilities are:
SQUID-2018:3 (CVE-2018-1172), Apr 18, 2018
Fixed from 4.0.13
Denial of Service issue in ESI Response processing.
SQUID-2018:2 (CVE-2018-1000027), Jan 19, 2018
Fixed from 4.0.23
Denial of Service issue in HTTP Response processing.
SQUID-2018:1 (CVE-2018-1000024), Jan 19, 2018
Fixed from 4.0.23
Denial of Service issue in ESI Response processing.

Any and all feedback, guidance, and assistance is greatly appreciated.

Thanks,

Scott

Scott Kumpf
Sr. Network Engineer (Contractor)
Orlando Utilities Commission
Office: (407) 434-4305 / Cell: (386) 547-2698
Email: [hidden email]





________________________________

DISCLAIMER:
Florida has a very broad public records law. As a result, any written communication created or received by Orlando Utilities Commission officials and employees will be made available to the public and media, upon request, unless otherwise exempt. Under Florida law, email addresses are public records. If you do not want your email address released in response to a public records request, do not send electronic mail to this office. Instead, contact our office by phone or in writing.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Re: splunk 3.5.27-Sec Advisories

Amos Jeffries
Administrator
On 28/07/18 08:48, Kumpf, Scott wrote:
> Greetings,
>
> The organization I work for is running Splunk for Windows version 3.5.27 which is impacted by 3 security vulnerabilities that were released earlier this year. From what I can tell, our squid implementation was installed using an MSI package from Diladele. It is my understanding per the advisories, the first point of contact for support is the maintainer/package vendor. Diladele referred me back to Squid Developers and the only version that they have made available is version 3.5.27. As I am not too familiar with source code packaging or compiling, I am in search of some guidance on available options to mitigate or remediate these vulnerabilities. I believe 2 of them have workarounds that can be implemented by modifying the squid.conf.
> As I am not aware of how to determine how this version was configured at time of build, I am therefore not 100% certain if my implementation is even vulnerable. Supposing the software is at risk, the advisories indicate there are patches available for each issue, however, I'm not clear on what to do with the information that the patch link presents.
>

The command line "squid -v" will list the build options used for your
particular binary along with its particular version. The advisory
section titled "Determining if your version is vulnerable:" is a
checklist to compare against your Squid. One statement there should
match your particular Squid installation.

The fixes for all these are in our 3.5.28 bundle from 10 days ago. I
have not made the official announcements yet (thanks for the reminder)
so Diladele may have not been aware.

I've cc'd Rafael on this reply and also opened an issue in the tracker
specifically notifying of the release so they can start on that while I
do the write-up. <https://github.com/diladele/squid-windows/issues/81>


HTH
Amos
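
Added example, not part of the original thread and not Squid's own tooling: one way to apply the `squid -v` check described in the reply above, parsing the version and configure options and listing which of the three advisories from the first post have a fix release newer than the binary. The sample output is constructed, and treating a build with no ESI option as ESI-off is an assumption; each advisory's own checklist remains the authority.

```python
import re
import shlex

# Constructed sample of `squid -v` output; real output lists your own build's options.
SAMPLE = """Squid Cache: Version 3.5.27
Service Name: squid
configure options:  '--prefix=/usr' '--enable-esi' '--with-openssl' 'CFLAGS=-g -O2'
"""

FIXED_3X = (3, 5, 28)  # per the reply above: fixes are in the 3.5.28 bundle
# (advisory, CVE, area, first fixed 4.x release), as listed in the first post
ADVISORIES = [
    ("SQUID-2018:3", "CVE-2018-1172", "ESI", (4, 0, 13)),
    ("SQUID-2018:2", "CVE-2018-1000027", "HTTP", (4, 0, 23)),
    ("SQUID-2018:1", "CVE-2018-1000024", "ESI", (4, 0, 23)),
]


def parse_squid_v(text):
    """Return (version tuple, configure option list) parsed from `squid -v` output."""
    m = re.search(r"^Squid Cache: Version (\d+(?:\.\d+)+)", text, re.M)
    if not m:
        raise ValueError("no 'Squid Cache: Version' line found")
    version = tuple(int(p) for p in m.group(1).split("."))
    m = re.search(r"^configure options:(.*)$", text, re.M)
    return version, shlex.split(m.group(1)) if m else []


def esi_compiled_in(opts):
    """Last --enable-esi/--disable-esi wins; assumption: no option means ESI is off."""
    esi = False
    for o in opts:
        if o in ("--enable-esi", "--enable-esi=yes", "--disable-esi", "--enable-esi=no"):
            esi = o.startswith("--enable") and not o.endswith("=no")
    return esi


def open_advisories(text):
    """List advisories whose fix release is newer than this binary."""
    version, opts = parse_squid_v(text)
    esi = esi_compiled_in(opts)
    out = []
    for adv, cve, area, fixed_4x in ADVISORIES:
        fixed = fixed_4x if version[0] >= 4 else FIXED_3X
        if version < fixed:
            # ESI status is reported, never used to clear an advisory automatically.
            out.append({"advisory": adv, "cve": cve, "area": area, "esi_compiled_in": esi})
    return out
```

Feed it the text captured from `squid -v` on the proxy host, then compare each listed advisory against its "Determining if your version is vulnerable:" section.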
Re: splunk 3.5.27-Sec Advisories

Rafael Akchurin
Hello Amos, Scott,

Will try building now. Shall be possible by the end of next week I hope.

Best regards,
Rafael Akchurin


Re: splunk 3.5.27-Sec Advisories

Kumpf, Scott
Greetings,

Checking in to see how the new Squid for Windows build is coming along, is there an update?  Is there a tentative release date?

*Subject is incorrect---ignore 'splunk'

Scott Kumpf
Sr. Network Engineer-EMS (Contractor)
Orlando Utilities Commission
Office: (407) 434-4305 / Cell: (386) 547-2698
Email: [hidden email]





Re: splunk 3.5.27-Sec Advisories

Rafael Akchurin
We are waiting on it. Sorry summer time :)

Best regards,
Rafael Akchurin
