Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.53034
Kategorie:Red Hat Local Security Checks
Titel:RedHat Security Advisory RHSA-2005:489
Zusammenfassung:NOSUMMARY
Beschreibung:Description:

The remote host is missing updates announced in
advisory RHSA-2005:489.

Squid is a full-featured Web proxy cache.

A bug was found in the way Squid handles PUT and POST requests. It is
possible for an authorised remote user to cause a failed PUT or POST
request which can cause Squid to crash. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2005-0718 to
this issue.

A bug was found in the way Squid handles access to the cachemgr.cgi script.
It is possible for an authorised remote user to bypass access control
lists with this flaw. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-1999-0710 to this issue.

A bug was found in the way Squid handles DNS replies. If the port Squid
uses for DNS requests is not protected by a firewall, it is possible for a
remote attacker to spoof DNS replies, possibly redirecting a user to
spoofed or malicious content. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2005-1519 to this issue.

Additionally, this update fixes the following bugs:
- squid fails in the unpacking of squid-2.4.STABLE7-1.21as.5.src.rpm

Users of Squid should upgrade to this updated package, which contains
backported patches to correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-489.html

Risk factor : High

CVSS Score:
7.5

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-1999-0710
BugTraq ID: 2059
http://www.securityfocus.com/bid/2059
Bugtraq: 19990725 Redhat 6.0 cachemgr.cgi lameness (Google Search)
Debian Security Information: DSA-576 (Google Search)
http://www.debian.org/security/2004/dsa-576
http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html
http://fedoranews.org/updates/FEDORA--.shtml
http://www.redhat.com/support/errata/RHSA-1999-025.html
http://www.redhat.com/support/errata/RHSA-2005-489.html
XForce ISS Database: http-cgi-cachemgr(2385)
https://exchange.xforce.ibmcloud.com/vulnerabilities/2385
Common Vulnerability Exposure (CVE) ID: CVE-2005-0718
BugTraq ID: 13166
http://www.securityfocus.com/bid/13166
Conectiva Linux advisory: CLA-2005:931
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11562
http://www.redhat.com/support/errata/RHSA-2005-415.html
http://secunia.com/advisories/12508
https://usn.ubuntu.com/111-1/
XForce ISS Database: squid-put-post-dos(19919)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19919
Common Vulnerability Exposure (CVE) ID: CVE-2005-1519
BugTraq ID: 13592
http://www.securityfocus.com/bid/13592
Debian Security Information: DSA-751 (Google Search)
http://www.debian.org/security/2005/dsa-751
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9976
http://secunia.com/advisories/15294
http://www.vupen.com/english/advisories/2005/0521
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.