Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Fedora Local Security Checks >> Fedora Core 3 2005-373: squid


Vulnerability Assessment Details

Fedora Core 3 2005-373: squid

Vulnerability Assessment Summary
Check for the version of the squid package

Detailed Explanation for this Vulnerability Assessment

The remote host is missing the patch for the advisory FEDORA-2005-373 (squid).

Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.

Squid consists of a main server program squid, a Domain Name System
lookup program (dnsserver), a program for retrieving FTP data
(ftpget), and some management and client tools.


* Mon May 16 2005 Jay Fenlason 7:2.5.STABLE9-1.FC3.6

- More upstream patches, including ones for
bz#157456 CVE-2005-1519 DNS lookups unreliable on untrusted networks
bz#156162 CVE-1999-0710 cachemgr.cgi access control bypass

- The following bugs had already been fixed, but the announcements
were lost
bz#156711 CVE-2005-1390 HTTP Request Smuggling Vulnerabilities
bz#156703 CVE-2005-1389 HTTP Response Splitting Vulnerabilities
(Both fixed by squid-7:2.5.STABLE8-1.FC3.1)
bz#151419 Unexpected access control results on configuration errors
(Fixed by 7:2.5.STABLE9-1.FC3.2)
bz#152647#squid-2.5.STABLE9-1.FC3.4.x86_64.rpm is broken
(fixed by 7:2.5.STABLE9-1.FC3.5)
bz#141938 squid ldap authentification broken
(Fixed by 7:2.5.STABLE7-1.FC3)

* Fri Apr 1 2005 Jay Fenlason 7:2.5.STABLE9-1.FC3.5

- More upstream patches, including a new version of the -2GB patch
that doesn't break diskd.



Solution : http://www.fedoranews.org/blog/index.php?p=681
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2005 Tenable Network Security

Cables, Connectors

Super Rare Vintage Apple Computer Disney MICKEY'S MAC CLUB Pin 1990's
$4999.99
Super Rare Vintage Apple Computer Disney MICKEY'S MAC CLUB Pin 1990's  picture1995 Grateful Dead Digital Screensaver vintage screen saver CD-ROM CDROM PC MAC
$4.99
1995 Grateful Dead Digital Screensaver vintage screen saver CD-ROM CDROM PC MAC pictureTeazle - 50 Vintage Arcade & Puzzle Games CD-ROM Software Windows 95/98 & MAC
$4.99
Teazle - 50 Vintage Arcade & Puzzle Games CD-ROM Software Windows 95/98 & MAC pictureBeautiful Nudes Vintage CD Rom Windows or Mac 1996 Make Your Own Shows SS Clips
$9.95
Beautiful Nudes Vintage CD Rom Windows or Mac 1996 Make Your Own Shows SS Clips picture


Discussions

No Discussions have been posted on this vulnerability.