Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200501-25 (squid)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.54811

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200501-25 (squid)

Resumen: The remote host is missing updates announced in;advisory GLSA 200501-25.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200501-25.

Vulnerability Insight:
Squid contains vulnerabilities in the code handling NTLM (NT Lan
Manager), Gopher to HTML, ACLs and WCCP (Web Cache Communication Protocol)
which could lead to ACL bypass, denial of service and arbitrary code
execution.

Solution:
All Squid users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=www-proxy/squid-2.5.7-r2'

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-0094
BugTraq ID: 12276
http://www.securityfocus.com/bid/12276
Conectiva Linux advisory: CLA-2005:923
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923
Debian Security Information: DSA-651 (Google Search)
http://www.debian.org/security/2005/dsa-651
http://fedoranews.org/updates/FEDORA--.shtml
http://security.gentoo.org/glsa/glsa-200501-25.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:014
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11146
http://www.redhat.com/support/errata/RHSA-2005-060.html
http://www.redhat.com/support/errata/RHSA-2005-061.html
http://secunia.com/advisories/13825
SuSE Security Announcement: SUSE-SA:2005:006 (Google Search)
http://www.novell.com/linux/security/advisories/2005_06_squid.html
http://www.trustix.org/errata/2005/0003/
Common Vulnerability Exposure (CVE) ID: CVE-2005-0095
BugTraq ID: 12275
http://www.securityfocus.com/bid/12275
http://www.osvdb.org/12886
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10269
http://securitytracker.com/id?1012882
Common Vulnerability Exposure (CVE) ID: CVE-2005-0096
BugTraq ID: 12324
http://www.securityfocus.com/bid/12324
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10233
http://securitytracker.com/id?1012818
Common Vulnerability Exposure (CVE) ID: CVE-2005-0097
BugTraq ID: 12220
http://www.securityfocus.com/bid/12220
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11646
http://secunia.com/advisories/13789
Common Vulnerability Exposure (CVE) ID: CVE-2005-0194
Bugtraq: 20050221 [USN-84-1] Squid vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=110901183320453&w=2
CERT/CC vulnerability note: VU#260421
http://www.kb.cert.org/vuls/id/260421
Debian Security Information: DSA-667 (Google Search)
http://www.debian.org/security/2005/dsa-667

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.54811
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200501-25 (squid)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200501-25.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200501-25. Vulnerability Insight: Squid contains vulnerabilities in the code handling NTLM (NT Lan Manager), Gopher to HTML, ACLs and WCCP (Web Cache Communication Protocol) which could lead to ACL bypass, denial of service and arbitrary code execution. Solution: All Squid users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-proxy/squid-2.5.7-r2' CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0094 BugTraq ID: 12276 http://www.securityfocus.com/bid/12276 Conectiva Linux advisory: CLA-2005:923 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923 Debian Security Information: DSA-651 (Google Search) http://www.debian.org/security/2005/dsa-651 http://fedoranews.org/updates/FEDORA--.shtml http://security.gentoo.org/glsa/glsa-200501-25.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:014 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11146 http://www.redhat.com/support/errata/RHSA-2005-060.html http://www.redhat.com/support/errata/RHSA-2005-061.html http://secunia.com/advisories/13825 SuSE Security Announcement: SUSE-SA:2005:006 (Google Search) http://www.novell.com/linux/security/advisories/2005_06_squid.html http://www.trustix.org/errata/2005/0003/ Common Vulnerability Exposure (CVE) ID: CVE-2005-0095 BugTraq ID: 12275 http://www.securityfocus.com/bid/12275 http://www.osvdb.org/12886 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10269 http://securitytracker.com/id?1012882 Common Vulnerability Exposure (CVE) ID: CVE-2005-0096 BugTraq ID: 12324 http://www.securityfocus.com/bid/12324 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10233 http://securitytracker.com/id?1012818 Common Vulnerability Exposure (CVE) ID: CVE-2005-0097 BugTraq ID: 12220 http://www.securityfocus.com/bid/12220 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11646 http://secunia.com/advisories/13789 Common Vulnerability Exposure (CVE) ID: CVE-2005-0194 Bugtraq: 20050221 [USN-84-1] Squid vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=110901183320453&w=2 CERT/CC vulnerability note: VU#260421 http://www.kb.cert.org/vuls/id/260421 Debian Security Information: DSA-667 (Google Search) http://www.debian.org/security/2005/dsa-667
Copyright	Copyright (C) 2008 E-Soft Inc.