Test Kennung:	1.3.6.1.4.1.25623.1.0.67159
Kategorie:	Red Hat Local Security Checks
Titel:	RedHat Security Advisory RHSA-2010:0221
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory RHSA-2010:0221. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A flaw was found in the way Squid processed certain external ACL helper HTTP header fields that contained a delimiter that was not a comma. A remote attacker could issue a crafted request to the Squid server, causing excessive CPU use (up to 100%). (CVE-2009-2855) Note: The CVE-2009-2855 issue only affected non-default configurations that use an external ACL helper script. A flaw was found in the way Squid handled truncated DNS replies. A remote attacker able to send specially-crafted UDP packets to Squid's DNS client port could trigger an assertion failure in Squid's child process, causing that child process to exit. (CVE-2010-0308) Solution: All users of squid should upgrade to this updated package, which resolves these issues. After installing this update, the squid service will be restarted automatically. Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0221.html http://www.redhat.com/security/updates/classification/#low Risk factor : Medium CVSS Score: 5.0
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2855 BugTraq ID: 36091 http://www.securityfocus.com/bid/36091 http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31;filename=diff;att=1;bug=534982 http://www.squid-cache.org/bugs/show_bug.cgi?id=2704 http://www.openwall.com/lists/oss-security/2009/07/20/10 http://www.openwall.com/lists/oss-security/2009/08/03/3 http://www.openwall.com/lists/oss-security/2009/08/04/6 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10592 http://www.securitytracker.com/id?1022757 XForce ISS Database: squid-strlistgetitem-dos(52610) https://exchange.xforce.ibmcloud.com/vulnerabilities/52610 Common Vulnerability Exposure (CVE) ID: CVE-2010-0308 BugTraq ID: 37522 http://www.securityfocus.com/bid/37522 http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9163.patch http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-9853.patch http://osvdb.org/62044 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11270 http://www.securitytracker.com/id?1023520 http://secunia.com/advisories/38451 http://secunia.com/advisories/38455 http://www.vupen.com/english/advisories/2010/0260 XForce ISS Database: squid-dns-dos(56001) https://exchange.xforce.ibmcloud.com/vulnerabilities/56001
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.