Test ID: | 1.3.6.1.4.1.25623.1.0.52126 |
Category: | Mandrake Local Security Checks |
Title: | Mandrake Security Advisory MDKSA-2005:078 (squid) |
Summary: | NOSUMMARY |
Description: |
The remote host is missing an update to squid announced via advisory MDKSA-2005:078.

Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings. (CVE-2005-0194)

Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies. (CVE-2005-0626)

Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory. (CVE-2005-0718)

In addition, due to subtle bugs in the previous backported updates of squid (Bugzilla #14209), all the squid-2.5 versions have been updated to squid-2.5.STABLE9 with all the STABLE9 patches from the squid developers.

The updated packages are patched to fix these problems.

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Corporate Server 2.1

Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:078

Risk factor: Critical
CVSS Score: 10.0
Cross-Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2005-0194
Bugtraq: 20050221 [USN-84-1] Squid vulnerabilities http://marc.info/?l=bugtraq&m=110901183320453&w=2
CERT/CC vulnerability note: VU#260421 http://www.kb.cert.org/vuls/id/260421
Conectiva Linux advisory: CLA-2005:923 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923
Debian Security Information: DSA-667 http://www.debian.org/security/2005/dsa-667
http://fedoranews.org/updates/FEDORA--.shtml

Common Vulnerability Exposure (CVE) ID: CVE-2005-0626
BugTraq ID: 12716 http://www.securityfocus.com/bid/12716
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11169
http://www.redhat.com/support/errata/RHSA-2005-415.html
https://usn.ubuntu.com/93-1/
XForce ISS Database: squid-set-cookie-race-condition(19581) https://exchange.xforce.ibmcloud.com/vulnerabilities/19581

Common Vulnerability Exposure (CVE) ID: CVE-2005-0718
BugTraq ID: 13166 http://www.securityfocus.com/bid/13166
Conectiva Linux advisory: CLA-2005:931 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11562
http://www.redhat.com/support/errata/RHSA-2005-489.html
http://secunia.com/advisories/12508
https://usn.ubuntu.com/111-1/
XForce ISS Database: squid-put-post-dos(19919) https://exchange.xforce.ibmcloud.com/vulnerabilities/19919
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |