Conectiva Local Security Checks : Conectiva Security Advisory CLA-2002:506

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.51525

Kategorie: Conectiva Local Security Checks

Titel: Conectiva Security Advisory CLA-2002:506

Zusammenfassung: NOSUMMARY

Beschreibung: Description:

The remote host is missing updates announced in
advisory CLA-2002:506.

Squid is a caching/proxy daemon for HTTP, FTP and gopher.

The squid team released squid 2.4.stable7 which fixes a number of
remote vulnerabilities[1] in previous versions:

- Gopher client buffer overflows[2]
- FTP directory parsing buffer overflow[3]
- FTP data channel sanity check[4]
- Proxy authentication credentials forward[5]

An attacker can exploit some of these vulnerabilities to execute
arbitrary code remotely as the user running squid (which in Conectiva
Linux is proxy or nobody), cause a Denial-of-Service (DoS) in the
server or inject/get invalid data in/from the network.

This new release also drops any requests using transfer-encoding[6]
in order to avoid exploits of a known issue[7] in vulnerable apache
web servers. This does not affect the functionality of squid since it
is a HTTP/1.0 proxy and as such it does not support transfer-encoding
requests.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.squid-cache.org/Advisories/SQUID-2002_3.txt
http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE6-gopher
http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE6-ftp_directories
http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE6-ftp_sanitycheck
http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE6-proxy_auth
http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE6-deny_transfer_encoding
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000498&idioma=en
http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:506
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002

Risk factor : High

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.51525
Kategorie:	Conectiva Local Security Checks
Titel:	Conectiva Security Advisory CLA-2002:506
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory CLA-2002:506. Squid is a caching/proxy daemon for HTTP, FTP and gopher. The squid team released squid 2.4.stable7 which fixes a number of remote vulnerabilities[1] in previous versions: - Gopher client buffer overflows[2] - FTP directory parsing buffer overflow[3] - FTP data channel sanity check[4] - Proxy authentication credentials forward[5] An attacker can exploit some of these vulnerabilities to execute arbitrary code remotely as the user running squid (which in Conectiva Linux is proxy or nobody), cause a Denial-of-Service (DoS) in the server or inject/get invalid data in/from the network. This new release also drops any requests using transfer-encoding[6] in order to avoid exploits of a known issue[7] in vulnerable apache web servers. This does not affect the functionality of squid since it is a HTTP/1.0 proxy and as such it does not support transfer-encoding requests. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.squid-cache.org/Advisories/SQUID-2002_3.txt http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE6-gopher http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE6-ftp_directories http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE6-ftp_sanitycheck http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE6-proxy_auth http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE6-deny_transfer_encoding http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000498&idioma=en http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:506 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com