
Test ID: 1.3.6.1.4.1.25623.1.0.51525
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2002:506
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory CLA-2002:506.

Squid is a caching/proxy daemon for HTTP, FTP and gopher.

The squid team released squid 2.4.stable7 which fixes a number of
remote vulnerabilities[1] in previous versions:

- Gopher client buffer overflows[2]
- FTP directory parsing buffer overflow[3]
- FTP data channel sanity check[4]
- Proxy authentication credentials forward[5]

An attacker can exploit some of these vulnerabilities to execute
arbitrary code remotely as the user running squid (which in Conectiva
Linux is proxy or nobody), cause a Denial-of-Service (DoS) in the
server or inject/get invalid data in/from the network.

This new release also drops any requests using transfer-encoding[6]
in order to avoid exploits of a known issue[7] in vulnerable apache
web servers. This does not affect the functionality of squid since it
is a HTTP/1.0 proxy and as such it does not support transfer-encoding
requests.


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.squid-cache.org/Advisories/SQUID-2002_3.txt
http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE6-gopher
http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE6-ftp_directories
http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE6-ftp_sanitycheck
http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE6-proxy_auth
http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE6-deny_transfer_encoding
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000498&idioma=en
http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:506
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002

Risk factor : High

Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com





© 1998-2024 E-Soft Inc. All rights reserved.