
Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2005:060

The remote host is missing updates announced in
advisory RHSA-2005:060.

A number of vulnerabilities have been discovered in Squid, including:

- A buffer overflow flaw was found in the Gopher relay parser.
- An integer overflow flaw was found in the WCCP message parser.
- A memory leak was found in the NTLM fakeauth_auth helper.
- A NULL pointer de-reference bug was found in the NTLM fakeauth_auth helper.
- A username validation bug was found in squid_ldap_auth.
- The way Squid handles HTTP responses was found to need strengthening.
- A bug was found in the way Squid handled oversized HTTP response headers.
- A buffer overflow bug was found in the WCCP message parser.

For full details on these issues, please visit the referenced advisories
listed below.

Users of Squid should upgrade to this updated package, which contains
backported patches, and is not vulnerable to these issues.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : High

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-0094
BugTraq ID: 12276
Conectiva Linux advisory: CLA-2005:923
Debian Security Information: DSA-651
SuSE Security Announcement: SUSE-SA:2005:006
Common Vulnerability Exposure (CVE) ID: CVE-2005-0095
BugTraq ID: 12275
Common Vulnerability Exposure (CVE) ID: CVE-2005-0096
BugTraq ID: 12324
Common Vulnerability Exposure (CVE) ID: CVE-2005-0097
BugTraq ID: 12220
Common Vulnerability Exposure (CVE) ID: CVE-2005-0173
BugTraq ID: 12431
Bugtraq: 20050207 [USN-77-1] Squid vulnerabilities
CERT/CC vulnerability note: VU#924198
Debian Security Information: DSA-667
Common Vulnerability Exposure (CVE) ID: CVE-2005-0174
BugTraq ID: 12412
CERT/CC vulnerability note: VU#768702
Conectiva Linux advisory: CLA-2005:931
Common Vulnerability Exposure (CVE) ID: CVE-2005-0175
BugTraq ID: 12433
CERT/CC vulnerability note: VU#625878
Common Vulnerability Exposure (CVE) ID: CVE-2005-0211
BugTraq ID: 12432
CERT/CC vulnerability note: VU#886006
Common Vulnerability Exposure (CVE) ID: CVE-2005-0241
CERT/CC vulnerability note: VU#823350
XForce ISS Database: squid-http-cache-poisoning(19060)
Copyright: Copyright (c) 2005 E-Soft Inc.

© 1998-2021 E-Soft Inc. All rights reserved.