Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.67159
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2010:0221
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2010:0221.

Squid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects.

A flaw was found in the way Squid processed certain external ACL helper
HTTP header fields that contained a delimiter that was not a comma. A
remote attacker could issue a crafted request to the Squid server, causing
excessive CPU use (up to 100%). (CVE-2009-2855)

Note: The CVE-2009-2855 issue only affected non-default configurations that
use an external ACL helper script.

A flaw was found in the way Squid handled truncated DNS replies. A remote
attacker able to send specially-crafted UDP packets to Squid's DNS client
port could trigger an assertion failure in Squid's child process, causing
that child process to exit. (CVE-2010-0308)

Solution:
All users of squid should upgrade to this updated package, which resolves
these issues. After installing this update, the squid service will be
restarted automatically.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0221.html
http://www.redhat.com/security/updates/classification/#low

Risk factor : Medium

CVSS Score:
5.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-2855
BugTraq ID: 36091
http://www.securityfocus.com/bid/36091
http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31;filename=diff;att=1;bug=534982
http://www.squid-cache.org/bugs/show_bug.cgi?id=2704
http://www.openwall.com/lists/oss-security/2009/07/20/10
http://www.openwall.com/lists/oss-security/2009/08/03/3
http://www.openwall.com/lists/oss-security/2009/08/04/6
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10592
http://www.securitytracker.com/id?1022757
XForce ISS Database: squid-strlistgetitem-dos(52610)
https://exchange.xforce.ibmcloud.com/vulnerabilities/52610
Common Vulnerability Exposure (CVE) ID: CVE-2010-0308
BugTraq ID: 37522
http://www.securityfocus.com/bid/37522
http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf
http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch
http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9163.patch
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-9853.patch
http://osvdb.org/62044
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11270
http://www.securitytracker.com/id?1023520
http://secunia.com/advisories/38451
http://secunia.com/advisories/38455
http://www.vupen.com/english/advisories/2010/0260
XForce ISS Database: squid-dns-dos(56001)
https://exchange.xforce.ibmcloud.com/vulnerabilities/56001
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.