 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.51325 |
| Kategorie: | Conectiva Local Security Checks |
| Titel: | Conectiva Security Advisory CLA-2005:923 |
| Zusammenfassung: | NOSUMMARY |
| Beschreibung: | Description: The remote host is missing updates announced in advisory CLA-2005:923. Squid[1] is a full-featured web proxy cache. This announcement adds the following patches to Squid: 1.Empty ACLs[2] The meaning of the access controls becomes somewhat confusing if any of the referenced acls is declared empty, without any members. 2.Fakeauth_auth[3] The NTLM fakeauth_auth helper has a memory leak that may cause it to run out of memory under high load, or if it runs for a very long time. Additionally, a malformed NTLM type 3 message could cause a segmentation violation. 3.LDAP spaces[4] LDAP is very forgiving about spaces in search filters and this could be abused to log in using several variants of the login name, possibly bypassing explicit access controls or confusing accounting 4.Non blocking disk[5] O_NONBLOCK on disk files is not is not standardized, and results may be unexpected. Linux now starts to add O_NONBLOCK support on disk files but the implementation is not complete yet and this bites Squid. 5.Gopher html parsing[6] A malicious gopher server may return a response with very long lines that cause a buffer overflow in Squid. 6.WCCP denial of service[7] WCCP_I_SEE_YOU messages contain a 'number of caches' field which should be between 1 and 32. Values outside that range may crash Squid if WCCP is enabled, and if an attacker can spoof UDP packets with the WCCP router's IP address. 7.SNMP core dump[8] If certain malformed SNMP request is received Squid restarts with a Segmentation Fault error. Aditionally, this announcement increases the Squid's initscript timeout for waiting it to stop from 10 seconds to 35 seconds, avoiding problems with stuck connections. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://squid.nlanr.net/ http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-non_blocking_disk http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-gopher_html_parsing http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_denial_of_service http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-SNMP_core_dump http://www.securityspace.com/smysecure/catid.html?in=CLA-2005:923 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000923 Risk factor : High |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |