 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.10.2013.0228 |
| Category: | Mageia Linux Local Security Checks |
| Title: | Mageia: Security Advisory (MGASA-2013-0228) |
| Summary: | The remote host is missing an update for the 'squid' package(s) announced via the MGASA-2013-0228 advisory. |
| Description: | Summary: The remote host is missing an update for the 'squid' package(s) announced via the MGASA-2013-0228 advisory. Vulnerability Insight: Due to incorrect data validation Squid is vulnerable to a buffer overflow attack when processing specially crafted HTTP requests. This problem allows any trusted client or client script who can generate HTTP requests to trigger a buffer overflow in Squid, resulting in a termination of the Squid service (CVE-2013-4115). Due to incorrect data validation Squid is vulnerable to a denial of service attack when processing specially crafted HTTP requests. This problem allows any client who can generate HTTP requests to perform a denial of service attack on the Squid service (CVE-2013-4123). Also, due to being renamed in Squid 3.2, the Squid external acl helpers for matching against IP addresses and LDAP groups were not selected to be built in the squid package for Mageia 3. This has been corrected and these helpers are now included. Additionally, the helpers for eDirectory IP address lookups and matching LDAP groups using Kerberos credentials have also been included. Affected Software/OS: 'squid' package(s) on Mageia 3. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-4115 BugTraq ID: 61111 http://www.securityfocus.com/bid/61111 http://www.openwall.com/lists/oss-security/2013/07/11/8 http://secunia.com/advisories/54076 http://secunia.com/advisories/54834 http://secunia.com/advisories/54839 SuSE Security Announcement: SUSE-SU-2016:1996 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html SuSE Security Announcement: SUSE-SU-2016:2089 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html SuSE Security Announcement: openSUSE-SU-2013:1435 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.html SuSE Security Announcement: openSUSE-SU-2013:1436 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html SuSE Security Announcement: openSUSE-SU-2013:1441 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-09/msg00030.html SuSE Security Announcement: openSUSE-SU-2013:1443 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html SuSE Security Announcement: openSUSE-SU-2013:1444 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-09/msg00033.html XForce ISS Database: squid-idnsalookup-bo(85564) https://exchange.xforce.ibmcloud.com/vulnerabilities/85564 Common Vulnerability Exposure (CVE) ID: CVE-2013-4123 http://secunia.com/advisories/54142 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |