Test ID: | 1.3.6.1.4.1.25623.1.0.52126 |
Category: | Mandrake Local Security Checks |
Title: | Mandrake Security Advisory MDKSA-2005:078 (squid) |
Summary: | NOSUMMARY |
Description: | The remote host is missing an update to squid announced via advisory MDKSA-2005:078.

Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings. (CVE-2005-0194)

Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies. (CVE-2005-0626)

Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory. (CVE-2005-0718)

In addition, due to subtle bugs in the previous backported updates of squid (Bugzilla #14209), all the squid-2.5 versions have been updated to squid-2.5.STABLE9 with all the STABLE9 patches from the squid developers.

The updated packages are patched to fix these problems.

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Corporate Server 2.1

Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:078

Risk factor : Critical

CVSS Score: 10.0 |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2005-0194
  Bugtraq: 20050221 [USN-84-1] Squid vulnerabilities http://marc.info/?l=bugtraq&m=110901183320453&w=2
  CERT/CC vulnerability note: VU#260421 http://www.kb.cert.org/vuls/id/260421
  Conectiva Linux advisory: CLA-2005:923 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923
  Debian Security Information: DSA-667 http://www.debian.org/security/2005/dsa-667
  http://fedoranews.org/updates/FEDORA--.shtml

Common Vulnerability Exposure (CVE) ID: CVE-2005-0626
  12716 http://www.securityfocus.com/bid/12716
  FLSA-2006:152809
  RHSA-2005:415 http://www.redhat.com/support/errata/RHSA-2005-415.html
  USN-93-1 https://usn.ubuntu.com/93-1/
  http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie
  oval:org.mitre.oval:def:11169 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11169
  squid-set-cookie-race-condition(19581) https://exchange.xforce.ibmcloud.com/vulnerabilities/19581

Common Vulnerability Exposure (CVE) ID: CVE-2005-0718
  BugTraq ID: 13166 http://www.securityfocus.com/bid/13166
  Conectiva Linux advisory: CLA-2005:931 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931
  https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11562
  http://www.redhat.com/support/errata/RHSA-2005-489.html
  http://secunia.com/advisories/12508
  https://usn.ubuntu.com/111-1/
  XForce ISS Database: squid-put-post-dos(19919) https://exchange.xforce.ibmcloud.com/vulnerabilities/19919 |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |