Conectiva Local Security Checks : Conectiva Security Advisory CLA-2002:464

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.51501

Kategorie: Conectiva Local Security Checks

Titel: Conectiva Security Advisory CLA-2002:464

Zusammenfassung: NOSUMMARY

Beschreibung: Description:

The remote host is missing updates announced in
advisory CLA-2002:464.

Squid is a high-performance proxy caching server.

Three security issues[1] have recently been found in the Squid-2.X
releases up to and including 2.4.STABLE3. From the Squid v2.4 patches
page[2]:

- Coredump on certain ftp:// style URL's[3]
If certain constructed ftp:// style URL's are received then squid
crashes, causing a denial of service (DoS) and maybe even remote
execution of code.

- SNMP memory leaks[4]
The SNMP implementation in Squid had several memory leaks possibly
causing a denial of service (DoS).

- Failure to disable the HTCP port[5]
htcp_port 0 fails to completely disable the HTCP port as documented
in squid.conf, instead HTCP will be listening on a random port
number.

Aditionally, the following patches from the site were applied:

- Potential coredump on snmpwalk[6]
Fixes a coredump on snmpwalk in certain configurations.

- CONNECT/ssl core dump[7]
Squid crashes on CONNECT requests that are allowed by http_access but
denied by miss_access.

- Filedescriptor leakage in the aufs store[8]
Fixes a filedescriptor leakage in the aufs cache_dir store
implementation.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.squid-cache.org/Advisories/SQUID-2002_1.txt
http://www.squid-cache.org/Versions/v2/2.4/bugs
http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE3-ftp_coredump
http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE3-SNMP_memory_leaks
http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE3-htcp_off
http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE2-snmpwalk_coredump
http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE2-CONNECT_miss_access_core
http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE2-aufs_fd_leak
http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:464
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002

Risk factor : High

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.51501
Kategorie:	Conectiva Local Security Checks
Titel:	Conectiva Security Advisory CLA-2002:464
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory CLA-2002:464. Squid is a high-performance proxy caching server. Three security issues[1] have recently been found in the Squid-2.X releases up to and including 2.4.STABLE3. From the Squid v2.4 patches page[2]: - Coredump on certain ftp:// style URL's[3] If certain constructed ftp:// style URL's are received then squid crashes, causing a denial of service (DoS) and maybe even remote execution of code. - SNMP memory leaks[4] The SNMP implementation in Squid had several memory leaks possibly causing a denial of service (DoS). - Failure to disable the HTCP port[5] htcp_port 0 fails to completely disable the HTCP port as documented in squid.conf, instead HTCP will be listening on a random port number. Aditionally, the following patches from the site were applied: - Potential coredump on snmpwalk[6] Fixes a coredump on snmpwalk in certain configurations. - CONNECT/ssl core dump[7] Squid crashes on CONNECT requests that are allowed by http_access but denied by miss_access. - Filedescriptor leakage in the aufs store[8] Fixes a filedescriptor leakage in the aufs cache_dir store implementation. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.squid-cache.org/Advisories/SQUID-2002_1.txt http://www.squid-cache.org/Versions/v2/2.4/bugs http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE3-ftp_coredump http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE3-SNMP_memory_leaks http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE3-htcp_off http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE2-snmpwalk_coredump http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE2-CONNECT_miss_access_core http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE2-aufs_fd_leak http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:464 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com