Test ID: 1.3.6.1.4.1.25623.1.0.51341
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2004:838
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory CLA-2004:838.

Squid is a full-featured web proxy cache.

Squid uses Access Control Lists (ACLs) to restrict access to sites or
users according to certain rules. This update fixes a
vulnerability[1] that allows a malicious user to bypass url_regex
ACLs by using a specially crafted URL containing the characters
'%00'. When interpreted by Squid, only part of such a URL is
considered, potentially allowing the client to access prohibited
sites.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0189 to this issue[2].

Additionally, the packages for Conectiva Linux 9 are being updated to
the latest stable Squid version (2.5STABLE5), which includes several
other fixes and improvements. One of the most notable improvements
is the inclusion of a new Access Control type called urllogin. This
new configuration directive (which is not enabled by default) can be
used to protect vulnerable[3,4,5] Microsoft Internet Explorer(TM)
clients from accessing some malicious and specially crafted URLs.


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'.

http://www.squid-cache.org/Advisories/SQUID-2004_1.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1025
http://www.kb.cert.org/vuls/id/652278
http://www.microsoft.com/security/incident/spoof.asp
http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:838
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004

Risk factor : High

CVSS Score:
7.5

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2004-0189
BugTraq ID: 9778
http://www.securityfocus.com/bid/9778
Bugtraq: 20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid)
http://marc.info/?l=bugtraq&m=108084935904110&w=2
Conectiva Linux advisory: CLA-2004:838
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000838
Debian Security Information: DSA-474
http://www.debian.org/security/2004/dsa-474
http://security.gentoo.org/glsa/glsa-200403-11.xml
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025
http://www.osvdb.org/5916
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941
http://www.redhat.com/support/errata/RHSA-2004-133.html
http://www.redhat.com/support/errata/RHSA-2004-134.html
SCO Security Bulletin: SCOSA-2005.16
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt
SGI Security Advisory: 20040404-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc
XForce ISS Database: squid-urlregex-acl-bypass(15366)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15366
Common Vulnerability Exposure (CVE) ID: CVE-2003-1025
Bugtraq: 20031209 Internet Explorer URL parsing vulnerability
http://www.securityfocus.com/archive/1/346948
Cert/CC Advisory: TA04-033A
http://www.us-cert.gov/cas/techalerts/TA04-033A.html
CERT/CC vulnerability note: VU#652278
http://www.kb.cert.org/vuls/id/652278
http://www.zapthedingbat.com/security/ex01/vun1.htm
Microsoft Security Bulletin: MS04-004
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A490
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A491
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A510
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A511
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A512
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A513
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A526
XForce ISS Database: ie-domain-url-spoofing(13935)
https://exchange.xforce.ibmcloud.com/vulnerabilities/13935
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
