
Test ID: 1.3.6.1.4.1.25623.1.0.51501
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2002:464
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory CLA-2002:464.

Squid is a high-performance proxy caching server.

Three security issues[1] have recently been found in the Squid-2.X
releases up to and including 2.4.STABLE3. From the Squid v2.4 patches
page[2]:

- Coredump on certain ftp:// style URL's[3]
If certain constructed ftp:// style URL's are received then squid
crashes, causing a denial of service (DoS) and maybe even remote
execution of code.

- SNMP memory leaks[4]
The SNMP implementation in Squid had several memory leaks possibly
causing a denial of service (DoS).

- Failure to disable the HTCP port[5]
htcp_port 0 fails to completely disable the HTCP port as documented
in squid.conf, instead HTCP will be listening on a random port
number.

Additionally, the following patches from the site were applied:

- Potential coredump on snmpwalk[6]
Fixes a coredump on snmpwalk in certain configurations.

- CONNECT/ssl core dump[7]
Squid crashes on CONNECT requests that are allowed by http_access but
denied by miss_access.

- Filedescriptor leakage in the aufs store[8]
Fixes a filedescriptor leakage in the aufs cache_dir store
implementation.


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'.

[1] http://www.squid-cache.org/Advisories/SQUID-2002_1.txt
[2] http://www.squid-cache.org/Versions/v2/2.4/bugs
[3] http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE3-ftp_coredump
[4] http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE3-SNMP_memory_leaks
[5] http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE3-htcp_off
[6] http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE2-snmpwalk_coredump
[7] http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE2-CONNECT_miss_access_core
[8] http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE2-aufs_fd_leak
http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:464
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002

Risk factor : High

Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
