Test ID:	1.3.6.1.4.1.25623.1.0.54227
Category:	Trustix Local Security Checks
Title:	Trustix Security Advisory TSLSA-2002-0031 (squid-cron)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory TSLSA-2002-0031. From the Squid advisory at http://www.squid-cache.org/Advisories/SQUID-2002_1.txt Three security issues have recently been found in the Squid-2.X releases up to and including 2.4.STABLE3. a) A memory leak in the optional SNMP interface to Squid, allowing an malicious user who can send packets to the Squid SNMP port to possibly perform an denial of service attack on the Squid proxy service if the SNMP interface has been enabled (disabled by default). b) A buffer overflow in the implementation of ftp:// URLs where users who are allowed to proxy ftp:// URLs via Squid can perform an denial of service on the proxy service, and possibly even trigger remote execution of code (not yet confirmed). c) The optional HTCP interface cannot be properly disabled from squid.conf even if the documentation claims it can. The HTCP interface to Squid is not enabled by default, but can be enabled at compile time using the --enable-htcp configure option and some vendors distribute Squid binaries with HTCP enabled. Solution: Update your system with the packages as indicated in the referenced security advisory. http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2002-0031 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.