Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Ubuntu Local Security Checks >> USN19-1 : squid vulnerabilities


Vulnerability Assessment Details

USN19-1 : squid vulnerabilities

Vulnerability Assessment Summary
squid vulnerabilities

Detailed Explanation for this Vulnerability Assessment

Summary :

These remote packages are missing security patches :
- squid
- squid-cgi
- squid-common
- squidclient


Description :

Recently, two Denial of Service vulnerabilities have been discovered
in squid, a WWW proxy cache. Insufficient input validation in the NTLM
authentication handler permited a remote attacker to crash the service
by sending a specially crafted NTLMSSP packet. Likewise, due to an
insufficient validation of ASN.1 headers, a remote attacker could
restart the server (causing all open connections to be dropped) by
sending certain SNMP packets with negative length fields.

Solution :

Upgrade to :
- squid-2.5.5-6ubuntu0.2 (Ubuntu 4.10)
- squid-cgi-2.5.5-6ubuntu0.2 (Ubuntu 4.10)
- squid-common-2.5.5-6ubuntu0.2 (Ubuntu 4.10)
- squidclient-2.5.5-6ubuntu0.2 (Ubuntu 4.10)



Network Security Threat Level: High


Networks Security ID:

Vulnerability Assessment Copyright: Ubuntu Security Notice (C) 2005 Canonical, Inc. / NASL script (C) 2005 Michel Arboi

Cables, Connectors

Soft Rubber Pocket 4GB Flash Disk U-disk Flash Drive Stick USB Flash Memory
$3.14
Soft Rubber Pocket 4GB Flash Disk U-disk Flash Drive Stick USB Flash Memory picture8GB USB 2.0 Flash Drive Stick USB Flash Memory U-disk USB Flash Memory
$4.98
8GB USB 2.0 Flash Drive Stick USB Flash Memory U-disk  USB Flash Memory pictureUSB Flash Drive 1GB USB 2.0 USB TEWENE Memory Stick Thumb Jump Zip Pen Drive for
$32.39
USB Flash Drive 1GB USB 2.0 USB TEWENE Memory Stick Thumb Jump Zip Pen Drive for picture46C9029 81Y4559 81Y4580 IBM SERVERAID M5100 1GB MEMORY FLASH/RAID UPGRADE
$34.0
46C9029 81Y4559 81Y4580 IBM SERVERAID M5100 1GB MEMORY FLASH/RAID UPGRADE picture


Discussions

No Discussions have been posted on this vulnerability.