Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.54227
Category:Trustix Local Security Checks
Title:Trustix Security Advisory TSLSA-2002-0031 (squid-cron)
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory TSLSA-2002-0031.

From the Squid advisory at
http://www.squid-cache.org/Advisories/SQUID-2002_1.txt

Three security issues have recently been found in the Squid-2.X
releases up to and including 2.4.STABLE3.

a) A memory leak in the optional SNMP interface to Squid,
allowing an malicious user who can send packets to the Squid SNMP
port to possibly perform an denial of service attack on the Squid
proxy service if the SNMP interface has been enabled (disabled by
default).

b) A buffer overflow in the implementation of ftp:// URLs where
users who are allowed to proxy ftp:// URLs via Squid can perform
an denial of service on the proxy service, and possibly even
trigger remote execution of code (not yet confirmed).

c) The optional HTCP interface cannot be properly disabled from
squid.conf even if the documentation claims it can. The HTCP
interface to Squid is not enabled by default, but can be enabled
at compile time using the --enable-htcp configure option and some
vendors distribute Squid binaries with HTCP enabled.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2002-0031

Risk factor : High

CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.