FreeBSD Local Security Checks : FreeBSD Ports: squid

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.68101

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: squid

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: squid

CVE-2010-3072
The string-comparison functions in String.cci in Squid 3.x before
3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a
denial of service (NULL pointer dereference and daemon crash) via a
crafted request.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-3072
41298
http://secunia.com/advisories/41298
41477
http://secunia.com/advisories/41477
41534
http://secunia.com/advisories/41534
42982
http://www.securityfocus.com/bid/42982
ADV-2010-2433
http://www.vupen.com/english/advisories/2010/2433
DSA-2111
http://www.debian.org/security/2010/dsa-2111
FEDORA-2010-14222
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047787.html
FEDORA-2010-14236
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047820.html
SUSE-SR:2010:019
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
[oss-security] 20100905 CVE Request -- Squid -- Denial of service due internal error in string handling (SQUID-2010:3)
http://www.openwall.com/lists/oss-security/2010/09/05/2
[oss-security] 20100907 Re: CVE Request -- Squid -- Denial of service due internal error in string handling (SQUID-2010:3)
http://www.openwall.com/lists/oss-security/2010/09/07/7
http://www.squid-cache.org/Advisories/SQUID-2010_3.txt
http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9189.patch
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10090.patch
https://bugzilla.redhat.com/show_bug.cgi?id=630444

Copyright Copyright (C) 2010 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.68101
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: squid
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: squid CVE-2010-3072 The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3072 41298 http://secunia.com/advisories/41298 41477 http://secunia.com/advisories/41477 41534 http://secunia.com/advisories/41534 42982 http://www.securityfocus.com/bid/42982 ADV-2010-2433 http://www.vupen.com/english/advisories/2010/2433 DSA-2111 http://www.debian.org/security/2010/dsa-2111 FEDORA-2010-14222 http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047787.html FEDORA-2010-14236 http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047820.html SUSE-SR:2010:019 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html [oss-security] 20100905 CVE Request -- Squid -- Denial of service due internal error in string handling (SQUID-2010:3) http://www.openwall.com/lists/oss-security/2010/09/05/2 [oss-security] 20100907 Re: CVE Request -- Squid -- Denial of service due internal error in string handling (SQUID-2010:3) http://www.openwall.com/lists/oss-security/2010/09/07/7 http://www.squid-cache.org/Advisories/SQUID-2010_3.txt http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9189.patch http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10090.patch https://bugzilla.redhat.com/show_bug.cgi?id=630444
Copyright	Copyright (C) 2010 E-Soft Inc.