Test ID:	1.3.6.1.4.1.25623.1.0.54536
Category:	Gentoo Local Security Checks
Title:	Gentoo Security Advisory GLSA 200403-11 (Squid)
Summary:	The remote host is missing updates announced in;advisory GLSA 200403-11.
Description:	Summary: The remote host is missing updates announced in advisory GLSA 200403-11. Vulnerability Insight: Squid versions 2.0 through to 2.5.STABLE4 could allow a remote attacker to bypass Access Control Lists by sending a specially-crafted URL request containing '%00': in such circumstances. The url_regex ACL may not properly detect the malicious URL, allowing the attacker to effectively bypass the ACL. Solution: Squid can be updated as follows: # emerge sync # emerge -pv '>=www-proxy/squid-2.5.5' # emerge '>=www-proxy/squid-2.5.5' CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0189 BugTraq ID: 9778 http://www.securityfocus.com/bid/9778 Bugtraq: 20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid) (Google Search) http://marc.info/?l=bugtraq&m=108084935904110&w=2 Conectiva Linux advisory: CLA-2004:838 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000838 Debian Security Information: DSA-474 (Google Search) http://www.debian.org/security/2004/dsa-474 http://security.gentoo.org/glsa/glsa-200403-11.xml http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025 http://www.osvdb.org/5916 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941 http://www.redhat.com/support/errata/RHSA-2004-133.html http://www.redhat.com/support/errata/RHSA-2004-134.html SCO Security Bulletin: SCOSA-2005.16 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt SGI Security Advisory: 20040404-01-U ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc XForce ISS Database: squid-urlregex-acl-bypass(15366) https://exchange.xforce.ibmcloud.com/vulnerabilities/15366
Copyright	Copyright (C) 2008 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.