Test ID: | 1.3.6.1.4.1.25623.1.0.51525 |
Category: | Conectiva Local Security Checks |
Title: | Conectiva Security Advisory CLA-2002:506 |
Summary: | NOSUMMARY |
Description: |
The remote host is missing updates announced in advisory CLA-2002:506.

Squid is a caching/proxy daemon for HTTP, FTP and gopher.

The squid team released squid 2.4.stable7 which fixes a number of remote vulnerabilities[1] in previous versions:

- Gopher client buffer overflows[2]
- FTP directory parsing buffer overflow[3]
- FTP data channel sanity check[4]
- Proxy authentication credentials forward[5]

An attacker can exploit some of these vulnerabilities to execute arbitrary code remotely as the user running squid (which in Conectiva Linux is proxy or nobody), cause a Denial-of-Service (DoS) in the server or inject/get invalid data in/from the network.

This new release also drops any requests using transfer-encoding[6] in order to avoid exploits of a known issue[7] in vulnerable apache web servers. This does not affect the functionality of squid since it is a HTTP/1.0 proxy and as such it does not support transfer-encoding requests.

Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade'

http://www.squid-cache.org/Advisories/SQUID-2002_3.txt
http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE6-gopher
http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE6-ftp_directories
http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE6-ftp_sanitycheck
http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE6-proxy_auth
http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE6-deny_transfer_encoding
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000498&idioma=en
http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:506
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002

Risk factor : High |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |