English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 74154 CVE descriptions
and 39337 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.51244
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2002:130
Summary:Redhat Security Advisory RHSA-2002:130
Description:
The remote host is missing updates announced in
advisory RHSA-2002:130.

New Squid packages are available which fix various issues.

Squid is a high-performance proxy caching server. The following script_summary(
describes the various issues found and fixed:

Several buffer overflows have been found in the MSTN auth helper
(msnt_auth) when configured to use denyusers or allowusers access control
files.

Several buffer overflows were found in the gopher client of Squid. It
could be possible for a malicious gopher server to cause Squid to crash.

A problem was found in the handling of the FTP data channel, possibly
allowing abuse of the FTP proxy to bypass firewall rules or inject false
FTP replies.

Several possible buffer overflows were found in the code parsing FTP
directories, which potentially allow for an untrusted FTP server to crash
Squid.

Thanks go to Olaf Kirch and the Squid team for notifying us of the
problems and to the Squid team for providing patches.

All users of Squid are advised to upgrade to these errata packages which
contain patches to correct each of these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2002-130.html
http://www.squid-cache.org/Versions/v2/2.4/bugs/

Risk factor : High
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2002-0713
RedHat Security Advisories: RHSA-2002:051
http://rhn.redhat.com/errata/RHSA-2002-051.html
RedHat Security Advisories: RHSA-2002:130
http://rhn.redhat.com/errata/RHSA-2002-130.html
SuSE Security Announcement: SuSE-SA:2002:025 (Google Search)
Caldera Security Advisory: CSSA-2002-046.0
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt
Conectiva Linux advisory: CLA-2002:506
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php
Bugtraq: 20020715 TSLSA-2002-0062 - squid (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=102674543407606&w=2
BugTraq ID: 5155
http://www.securityfocus.com/bid/5155
BugTraq ID: 5156
http://www.securityfocus.com/bid/5156
BugTraq ID: 5157
http://www.securityfocus.com/bid/5157
http://www.iss.net/security_center/static/9482.php
http://www.iss.net/security_center/static/9480.php
http://www.iss.net/security_center/static/9481.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-0715
BugTraq ID: 5154
http://www.securityfocus.com/bid/5154
http://www.iss.net/security_center/static/9478.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-0714
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000506
http://www.iss.net/security_center/static/9479.php
BugTraq ID: 5158
http://www.securityfocus.com/bid/5158
http://www.osvdb.org/5924
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 39337 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.