Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.51646
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2005:060
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2005:060.

A number of vulnerabilities have been discovered in Squid, including:

- A buffer overflow flaw was found in the Gopher relay parser.
- An integer overflow flaw was found in the WCCP message parser.
- A memory leak was found in the NTLM fakeauth_auth helper.
- A NULL pointer de-reference bug was found in the NTLM fakeauth_auth helper.
- A username validation bug was found in squid_ldap_auth.
- The way Squid handles HTTP responses was found to need strengthening.
- A bug was found in the way Squid handled oversized HTTP response headers.
- A buffer overflow bug was found in the WCCP message parser.

For full details on these issues, please visit the referenced advisories
listed below.

Users of Squid should upgrade to this updated package, which contains
backported patches, and is not vulnerable to these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-060.html
http://www.squid-cache.org/Advisories/SQUID-2005_1.txt
http://www.squid-cache.org/Advisories/SQUID-2005_2.txt
http://www.squid-cache.org/Advisories/SQUID-2005_3.txt
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces

Risk factor : High

CVSS Score:
7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-0094
BugTraq ID: 12276
http://www.securityfocus.com/bid/12276
Conectiva Linux advisory: CLA-2005:923
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923
Debian Security Information: DSA-651 (Google Search)
http://www.debian.org/security/2005/dsa-651
http://fedoranews.org/updates/FEDORA--.shtml
http://security.gentoo.org/glsa/glsa-200501-25.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:014
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11146
http://www.redhat.com/support/errata/RHSA-2005-060.html
http://www.redhat.com/support/errata/RHSA-2005-061.html
http://secunia.com/advisories/13825
SuSE Security Announcement: SUSE-SA:2005:006 (Google Search)
http://www.novell.com/linux/security/advisories/2005_06_squid.html
http://www.trustix.org/errata/2005/0003/
Common Vulnerability Exposure (CVE) ID: CVE-2005-0095
BugTraq ID: 12275
http://www.securityfocus.com/bid/12275
http://www.osvdb.org/12886
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10269
http://securitytracker.com/id?1012882
Common Vulnerability Exposure (CVE) ID: CVE-2005-0096
BugTraq ID: 12324
http://www.securityfocus.com/bid/12324
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10233
http://securitytracker.com/id?1012818
Common Vulnerability Exposure (CVE) ID: CVE-2005-0097
BugTraq ID: 12220
http://www.securityfocus.com/bid/12220
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11646
http://secunia.com/advisories/13789
Common Vulnerability Exposure (CVE) ID: CVE-2005-0173
BugTraq ID: 12431
http://www.securityfocus.com/bid/12431
Bugtraq: 20050207 [USN-77-1] Squid vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=110780531820947&w=2
CERT/CC vulnerability note: VU#924198
http://www.kb.cert.org/vuls/id/924198
Debian Security Information: DSA-667 (Google Search)
http://www.debian.org/security/2005/dsa-667
http://www.mandriva.com/security/advisories?name=MDKSA-2005:034
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10251
Common Vulnerability Exposure (CVE) ID: CVE-2005-0174
BugTraq ID: 12412
http://www.securityfocus.com/bid/12412
CERT/CC vulnerability note: VU#768702
http://www.kb.cert.org/vuls/id/768702
Conectiva Linux advisory: CLA-2005:931
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931
http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10656
Common Vulnerability Exposure (CVE) ID: CVE-2005-0175
BugTraq ID: 12433
http://www.securityfocus.com/bid/12433
CERT/CC vulnerability note: VU#625878
http://www.kb.cert.org/vuls/id/625878
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11605
Common Vulnerability Exposure (CVE) ID: CVE-2005-0211
BugTraq ID: 12432
http://www.securityfocus.com/bid/12432
CERT/CC vulnerability note: VU#886006
http://www.kb.cert.org/vuls/id/886006
http://www.osvdb.org/13319
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9573
http://securitytracker.com/id?1013045
http://secunia.com/advisories/14076
Common Vulnerability Exposure (CVE) ID: CVE-2005-0241
CERT/CC vulnerability note: VU#823350
http://www.kb.cert.org/vuls/id/823350
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998
http://secunia.com/advisories/14091
XForce ISS Database: squid-http-cache-poisoning(19060)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19060
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.