Test ID:	1.3.6.1.4.1.25623.1.0.66960
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-904-1 (squid)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to squid announced via advisory USN-904-1. Details follow: It was discovered that Squid incorrectly handled certain malformed packets received on the HTCP port. A remote attacker could exploit this with a specially-crafted packet and cause Squid to crash, resulting in a denial of service. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: squid 2.6.18-1ubuntu3.2 Ubuntu 8.10: squid 2.7.STABLE3-1ubuntu2.3 Ubuntu 9.04: squid 2.7.STABLE3-4.1ubuntu1.2 Ubuntu 9.10: squid 2.7.STABLE6-2ubuntu2.2 In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-904-1 Risk factor : Medium CVSS Score: 5.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0639 BugTraq ID: 38212 http://www.securityfocus.com/bid/38212 http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037159.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035961.html http://bugs.squid-cache.org/show_bug.cgi?id=2858 http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch http://osvdb.org/62297 http://www.securitytracker.com/id?1023587 http://secunia.com/advisories/38812 http://www.vupen.com/english/advisories/2010/0371 http://www.vupen.com/english/advisories/2010/0603
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.