Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.52840
Kategorie:Turbolinux Local Security Tests
Titel:Turbolinux TLSA-2005-24 (squid)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:

The remote host is missing an update to squid
announced via advisory TLSA-2005-24.

Squid is a high-performance proxy caching server for web clients,
supporting FTP, gopher and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single, non-blocking,
I/O-driven process.

Multiple vulnerabilities have been discovered in Squid:
- A buffer overflow vulnerability exists in the gopherToHTML function in
the Gopher reply parser.
- A integer overflow vulnerability exists in the WCCP message parsing code.
- Squid's squid_ldap_auth function allows remotely authenticated users
to bypass username-based Access Control Lists (ACLs) via a username
with a space at the beginning or end, which is ignored by the LDAP server.
- Squid may be susceptible to cache pollution via a HTTP reponse splitting
attack.
- The meaning of the access controls becomes somewhat confusing if any
of the referenced ACLs is declared empty, without any members.
- The length argument of the WCCP recvfrom() call is larger than it
should be. An attacker could send a larger-than-normal WCCP packet
and overflow the buffer.

These vulnerabilities could allow remote attackers to cause a denial of
service, possibly execute arbitrary code, and/or allow remote users to
bypass access control rules.

Solution: Please use the turbopkg (zabom) tool to apply the update.
https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2005-24

Risk factor : Critical

CVSS Score:
10.0

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2005-0094
BugTraq ID: 12276
http://www.securityfocus.com/bid/12276
Conectiva Linux advisory: CLA-2005:923
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923
Debian Security Information: DSA-651 (Google Search)
http://www.debian.org/security/2005/dsa-651
http://fedoranews.org/updates/FEDORA--.shtml
http://security.gentoo.org/glsa/glsa-200501-25.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:014
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11146
http://www.redhat.com/support/errata/RHSA-2005-060.html
http://www.redhat.com/support/errata/RHSA-2005-061.html
http://secunia.com/advisories/13825
SuSE Security Announcement: SUSE-SA:2005:006 (Google Search)
http://www.novell.com/linux/security/advisories/2005_06_squid.html
http://www.trustix.org/errata/2005/0003/
Common Vulnerability Exposure (CVE) ID: CVE-2005-0095
BugTraq ID: 12275
http://www.securityfocus.com/bid/12275
http://www.osvdb.org/12886
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10269
http://securitytracker.com/id?1012882
Common Vulnerability Exposure (CVE) ID: CVE-2005-0173
BugTraq ID: 12431
http://www.securityfocus.com/bid/12431
Bugtraq: 20050207 [USN-77-1] Squid vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=110780531820947&w=2
CERT/CC vulnerability note: VU#924198
http://www.kb.cert.org/vuls/id/924198
Debian Security Information: DSA-667 (Google Search)
http://www.debian.org/security/2005/dsa-667
http://www.mandriva.com/security/advisories?name=MDKSA-2005:034
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10251
Common Vulnerability Exposure (CVE) ID: CVE-2005-0175
BugTraq ID: 12433
http://www.securityfocus.com/bid/12433
CERT/CC vulnerability note: VU#625878
http://www.kb.cert.org/vuls/id/625878
Conectiva Linux advisory: CLA-2005:931
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931
http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11605
Common Vulnerability Exposure (CVE) ID: CVE-2005-0194
Bugtraq: 20050221 [USN-84-1] Squid vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=110901183320453&w=2
CERT/CC vulnerability note: VU#260421
http://www.kb.cert.org/vuls/id/260421
Common Vulnerability Exposure (CVE) ID: CVE-2005-0211
BugTraq ID: 12432
http://www.securityfocus.com/bid/12432
CERT/CC vulnerability note: VU#886006
http://www.kb.cert.org/vuls/id/886006
http://www.osvdb.org/13319
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9573
http://securitytracker.com/id?1013045
http://secunia.com/advisories/14076
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.