Misc. : Squid null character unauthorized access

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.12124

Categoría: Misc.

Título: Squid null character unauthorized access

Resumen: NOSUMMARY

Descripción: Description:

The remote squid caching proxy, according to its version number,
is vulnerable to a flaw which may allow an attacker to gain access
to unauthorized resources.

The flaw in itself consists of sending a malformed username containing
the %00 (null) character, which may allow an attacker to access otherwise
restricted resources.

Solution : Upgrade to squid 2.5.STABLE6 or newer
Risk factor : High

Referencia Cruzada: BugTraq ID: 9778
Common Vulnerability Exposure (CVE) ID: CVE-2004-0189
http://www.securityfocus.com/bid/9778
Bugtraq: 20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid) (Google Search)
http://marc.info/?l=bugtraq&m=108084935904110&w=2
Conectiva Linux advisory: CLA-2004:838
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000838
Debian Security Information: DSA-474 (Google Search)
http://www.debian.org/security/2004/dsa-474
http://security.gentoo.org/glsa/glsa-200403-11.xml
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025
http://www.osvdb.org/5916
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941
http://www.redhat.com/support/errata/RHSA-2004-133.html
http://www.redhat.com/support/errata/RHSA-2004-134.html
SCO Security Bulletin: SCOSA-2005.16
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt
SGI Security Advisory: 20040404-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc
XForce ISS Database: squid-urlregex-acl-bypass(15366)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15366

Copyright This script is Copyright (C) 2004 Tenable Network Security

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.12124
Categoría:	Misc.
Título:	Squid null character unauthorized access
Resumen:	NOSUMMARY
Descripción:	Description: The remote squid caching proxy, according to its version number, is vulnerable to a flaw which may allow an attacker to gain access to unauthorized resources. The flaw in itself consists of sending a malformed username containing the %00 (null) character, which may allow an attacker to access otherwise restricted resources. Solution : Upgrade to squid 2.5.STABLE6 or newer Risk factor : High
Referencia Cruzada:	BugTraq ID: 9778 Common Vulnerability Exposure (CVE) ID: CVE-2004-0189 http://www.securityfocus.com/bid/9778 Bugtraq: 20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid) (Google Search) http://marc.info/?l=bugtraq&m=108084935904110&w=2 Conectiva Linux advisory: CLA-2004:838 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000838 Debian Security Information: DSA-474 (Google Search) http://www.debian.org/security/2004/dsa-474 http://security.gentoo.org/glsa/glsa-200403-11.xml http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025 http://www.osvdb.org/5916 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941 http://www.redhat.com/support/errata/RHSA-2004-133.html http://www.redhat.com/support/errata/RHSA-2004-134.html SCO Security Bulletin: SCOSA-2005.16 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt SGI Security Advisory: 20040404-01-U ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc XForce ISS Database: squid-urlregex-acl-bypass(15366) https://exchange.xforce.ibmcloud.com/vulnerabilities/15366
Copyright	This script is Copyright (C) 2004 Tenable Network Security