ID de Prueba:	1.3.6.1.4.1.25623.1.0.51646
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2005:060
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2005:060. A number of vulnerabilities have been discovered in Squid, including: - A buffer overflow flaw was found in the Gopher relay parser. - An integer overflow flaw was found in the WCCP message parser. - A memory leak was found in the NTLM fakeauth_auth helper. - A NULL pointer de-reference bug was found in the NTLM fakeauth_auth helper. - A username validation bug was found in squid_ldap_auth. - The way Squid handles HTTP responses was found to need strengthening. - A bug was found in the way Squid handled oversized HTTP response headers. - A buffer overflow bug was found in the WCCP message parser. For full details on these issues, please visit the referenced advisories listed below. Users of Squid should upgrade to this updated package, which contains backported patches, and is not vulnerable to these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-060.html http://www.squid-cache.org/Advisories/SQUID-2005_1.txt http://www.squid-cache.org/Advisories/SQUID-2005_2.txt http://www.squid-cache.org/Advisories/SQUID-2005_3.txt http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0094 BugTraq ID: 12276 http://www.securityfocus.com/bid/12276 Conectiva Linux advisory: CLA-2005:923 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923 Debian Security Information: DSA-651 (Google Search) http://www.debian.org/security/2005/dsa-651 http://fedoranews.org/updates/FEDORA--.shtml http://security.gentoo.org/glsa/glsa-200501-25.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:014 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11146 http://www.redhat.com/support/errata/RHSA-2005-060.html http://www.redhat.com/support/errata/RHSA-2005-061.html http://secunia.com/advisories/13825 SuSE Security Announcement: SUSE-SA:2005:006 (Google Search) http://www.novell.com/linux/security/advisories/2005_06_squid.html http://www.trustix.org/errata/2005/0003/ Common Vulnerability Exposure (CVE) ID: CVE-2005-0095 BugTraq ID: 12275 http://www.securityfocus.com/bid/12275 http://www.osvdb.org/12886 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10269 http://securitytracker.com/id?1012882 Common Vulnerability Exposure (CVE) ID: CVE-2005-0096 BugTraq ID: 12324 http://www.securityfocus.com/bid/12324 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10233 http://securitytracker.com/id?1012818 Common Vulnerability Exposure (CVE) ID: CVE-2005-0097 BugTraq ID: 12220 http://www.securityfocus.com/bid/12220 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11646 http://secunia.com/advisories/13789 Common Vulnerability Exposure (CVE) ID: CVE-2005-0173 BugTraq ID: 12431 http://www.securityfocus.com/bid/12431 Bugtraq: 20050207 [USN-77-1] Squid vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=110780531820947&w=2 CERT/CC vulnerability note: VU#924198 http://www.kb.cert.org/vuls/id/924198 Debian Security Information: DSA-667 (Google Search) http://www.debian.org/security/2005/dsa-667 http://www.mandriva.com/security/advisories?name=MDKSA-2005:034 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10251 Common Vulnerability Exposure (CVE) ID: CVE-2005-0174 BugTraq ID: 12412 http://www.securityfocus.com/bid/12412 CERT/CC vulnerability note: VU#768702 http://www.kb.cert.org/vuls/id/768702 Conectiva Linux advisory: CLA-2005:931 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931 http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10656 Common Vulnerability Exposure (CVE) ID: CVE-2005-0175 BugTraq ID: 12433 http://www.securityfocus.com/bid/12433 CERT/CC vulnerability note: VU#625878 http://www.kb.cert.org/vuls/id/625878 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11605 Common Vulnerability Exposure (CVE) ID: CVE-2005-0211 BugTraq ID: 12432 http://www.securityfocus.com/bid/12432 CERT/CC vulnerability note: VU#886006 http://www.kb.cert.org/vuls/id/886006 http://www.osvdb.org/13319 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9573 http://securitytracker.com/id?1013045 http://secunia.com/advisories/14076 Common Vulnerability Exposure (CVE) ID: CVE-2005-0241 CERT/CC vulnerability note: VU#823350 http://www.kb.cert.org/vuls/id/823350 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998 http://secunia.com/advisories/14091 XForce ISS Database: squid-http-cache-poisoning(19060) https://exchange.xforce.ibmcloud.com/vulnerabilities/19060
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.