Red Hat Local Security Checks : RedHat Security Advisory RHSA-2005:061

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51622

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2005:061

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2005:061.

Squid is a full-featured Web proxy cache.

A number of errors have been fixed, including:
- a buffer overflow in the Gopher relay parser
- an integer and buffer overflow in the WCCP message parser
- a memory leak in the NTLM fakeauth_auth helper
- a NULL pointer de-reference in the NTLM fakeauth_auth helper
- a username validation error in squid_ldap_auth
- several Squid cache poisoning vulnerabilities

For complete details users are advised to view the associated
Red Hat advisory referenced below.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-061.html
http://www.squid-cache.org/Advisories/SQUID-2005_1.txt
http://www.squid-cache.org/Advisories/SQUID-2005_2.txt
http://www.squid-cache.org/Advisories/SQUID-2005_3.txt
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0241

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-0094
BugTraq ID: 12276
http://www.securityfocus.com/bid/12276
Conectiva Linux advisory: CLA-2005:923
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923
Debian Security Information: DSA-651 (Google Search)
http://www.debian.org/security/2005/dsa-651
http://fedoranews.org/updates/FEDORA--.shtml
http://security.gentoo.org/glsa/glsa-200501-25.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:014
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11146
http://www.redhat.com/support/errata/RHSA-2005-060.html
http://www.redhat.com/support/errata/RHSA-2005-061.html
http://secunia.com/advisories/13825
SuSE Security Announcement: SUSE-SA:2005:006 (Google Search)
http://www.novell.com/linux/security/advisories/2005_06_squid.html
http://www.trustix.org/errata/2005/0003/
Common Vulnerability Exposure (CVE) ID: CVE-2005-0095
BugTraq ID: 12275
http://www.securityfocus.com/bid/12275
http://www.osvdb.org/12886
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10269
http://securitytracker.com/id?1012882
Common Vulnerability Exposure (CVE) ID: CVE-2005-0096
BugTraq ID: 12324
http://www.securityfocus.com/bid/12324
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10233
http://securitytracker.com/id?1012818
Common Vulnerability Exposure (CVE) ID: CVE-2005-0097
BugTraq ID: 12220
http://www.securityfocus.com/bid/12220
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11646
http://secunia.com/advisories/13789
Common Vulnerability Exposure (CVE) ID: CVE-2005-0173
BugTraq ID: 12431
http://www.securityfocus.com/bid/12431
Bugtraq: 20050207 [USN-77-1] Squid vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=110780531820947&w=2
CERT/CC vulnerability note: VU#924198
http://www.kb.cert.org/vuls/id/924198
Debian Security Information: DSA-667 (Google Search)
http://www.debian.org/security/2005/dsa-667
http://www.mandriva.com/security/advisories?name=MDKSA-2005:034
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10251
Common Vulnerability Exposure (CVE) ID: CVE-2005-0174
BugTraq ID: 12412
http://www.securityfocus.com/bid/12412
CERT/CC vulnerability note: VU#768702
http://www.kb.cert.org/vuls/id/768702
Conectiva Linux advisory: CLA-2005:931
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931
http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10656
Common Vulnerability Exposure (CVE) ID: CVE-2005-0175
BugTraq ID: 12433
http://www.securityfocus.com/bid/12433
CERT/CC vulnerability note: VU#625878
http://www.kb.cert.org/vuls/id/625878
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11605
Common Vulnerability Exposure (CVE) ID: CVE-2005-0211
BugTraq ID: 12432
http://www.securityfocus.com/bid/12432
CERT/CC vulnerability note: VU#886006
http://www.kb.cert.org/vuls/id/886006
http://www.osvdb.org/13319
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9573
http://securitytracker.com/id?1013045
http://secunia.com/advisories/14076

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51622
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2005:061
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2005:061. Squid is a full-featured Web proxy cache. A number of errors have been fixed, including: - a buffer overflow in the Gopher relay parser - an integer and buffer overflow in the WCCP message parser - a memory leak in the NTLM fakeauth_auth helper - a NULL pointer de-reference in the NTLM fakeauth_auth helper - a username validation error in squid_ldap_auth - several Squid cache poisoning vulnerabilities For complete details users are advised to view the associated Red Hat advisory referenced below. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-061.html http://www.squid-cache.org/Advisories/SQUID-2005_1.txt http://www.squid-cache.org/Advisories/SQUID-2005_2.txt http://www.squid-cache.org/Advisories/SQUID-2005_3.txt http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0241 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0094 BugTraq ID: 12276 http://www.securityfocus.com/bid/12276 Conectiva Linux advisory: CLA-2005:923 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923 Debian Security Information: DSA-651 (Google Search) http://www.debian.org/security/2005/dsa-651 http://fedoranews.org/updates/FEDORA--.shtml http://security.gentoo.org/glsa/glsa-200501-25.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:014 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11146 http://www.redhat.com/support/errata/RHSA-2005-060.html http://www.redhat.com/support/errata/RHSA-2005-061.html http://secunia.com/advisories/13825 SuSE Security Announcement: SUSE-SA:2005:006 (Google Search) http://www.novell.com/linux/security/advisories/2005_06_squid.html http://www.trustix.org/errata/2005/0003/ Common Vulnerability Exposure (CVE) ID: CVE-2005-0095 BugTraq ID: 12275 http://www.securityfocus.com/bid/12275 http://www.osvdb.org/12886 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10269 http://securitytracker.com/id?1012882 Common Vulnerability Exposure (CVE) ID: CVE-2005-0096 BugTraq ID: 12324 http://www.securityfocus.com/bid/12324 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10233 http://securitytracker.com/id?1012818 Common Vulnerability Exposure (CVE) ID: CVE-2005-0097 BugTraq ID: 12220 http://www.securityfocus.com/bid/12220 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11646 http://secunia.com/advisories/13789 Common Vulnerability Exposure (CVE) ID: CVE-2005-0173 BugTraq ID: 12431 http://www.securityfocus.com/bid/12431 Bugtraq: 20050207 [USN-77-1] Squid vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=110780531820947&w=2 CERT/CC vulnerability note: VU#924198 http://www.kb.cert.org/vuls/id/924198 Debian Security Information: DSA-667 (Google Search) http://www.debian.org/security/2005/dsa-667 http://www.mandriva.com/security/advisories?name=MDKSA-2005:034 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10251 Common Vulnerability Exposure (CVE) ID: CVE-2005-0174 BugTraq ID: 12412 http://www.securityfocus.com/bid/12412 CERT/CC vulnerability note: VU#768702 http://www.kb.cert.org/vuls/id/768702 Conectiva Linux advisory: CLA-2005:931 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931 http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10656 Common Vulnerability Exposure (CVE) ID: CVE-2005-0175 BugTraq ID: 12433 http://www.securityfocus.com/bid/12433 CERT/CC vulnerability note: VU#625878 http://www.kb.cert.org/vuls/id/625878 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11605 Common Vulnerability Exposure (CVE) ID: CVE-2005-0211 BugTraq ID: 12432 http://www.securityfocus.com/bid/12432 CERT/CC vulnerability note: VU#886006 http://www.kb.cert.org/vuls/id/886006 http://www.osvdb.org/13319 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9573 http://securitytracker.com/id?1013045 http://secunia.com/advisories/14076
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com