Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Mandrake Local Security Checks >> MDKSA-2002:016-1: squid

Vulnerability Assessment Details

MDKSA-2002:016-1: squid
Vulnerability Assessment Summary
Check for the version of the squid package

Detailed Explanation for this Vulnerability Assessment

The remote host is missing the patch for the advisory MDKSA-2002:016-1 (squid).


Three security issues were found in the 2.x versions of the Squid proxy server
up to and including 2.4.STABLE3. The first is a memory leak in the optional SNMP
interface to Squid which could permit a malicious user who can send packets to
the Squid SNMP port to possibly perform a Denial of Service attack on ther
server if the SNMP interface is enabled. The next is a buffer overflow in the
implementation of ftp:// URLs where permited users could possibly perform a DoS
on the server, and may be able to trigger remote execution of code (which the
authors have not yet confirmed). The final issue is with the HTCP interface
which cannot be properly disabled from squid.conf
HTCP is enabled by default on
Mandrake Linux systems.
Update:
The squid updates for all versions other than Mandrake Linux were incorrectly
built with LDAP authentication which introduced a dependency on OpenLDAP. These
new packages do not use LDAP authentication. The Single Network Firewall 7.2
package previously released did not use LDAP authentication, however rebuilding
the source RPM package required LDAP to be installed. Single Network Firewall
7.2 users do not need to upgrade to these packages to have a properly function
squid.


Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2002:016-1
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security
Cables, Connectors


512GB USB Flash Drive External Storage Memory Stick For iPhone iPad Android picture

512GB USB Flash Drive External Storage Memory Stick For iPhone iPad Android

$17.59


SanDisk 16GB Ultra USB 3.0 Flash Drive - SDCZ48-016G-U46 picture

SanDisk 16GB Ultra USB 3.0 Flash Drive - SDCZ48-016G-U46

$6.25


SanDisk 128GB Extreme PRO USB 3.2 Solid State Flash Drive - SDCZ880-128G-A46 picture

SanDisk 128GB Extreme PRO USB 3.2 Solid State Flash Drive - SDCZ880-128G-A46

$36.99


SanDisk 128GB Ultra Flair USB 3.0 Flash Drive - SDCZ73-128G-G46 picture

SanDisk 128GB Ultra Flair USB 3.0 Flash Drive - SDCZ73-128G-G46

$12.99


Sandisk 16GB 32GB 64GB 128GB Cruzer Blade Flash Drive Memory Stick USB Lot Pack picture

Sandisk 16GB 32GB 64GB 128GB Cruzer Blade Flash Drive Memory Stick USB Lot Pack

$4.99


New TESLA OEM Model S,3,X,Y USB Flash Drive for Dashcam & Sentry Mode 128GB picture

New TESLA OEM Model S,3,X,Y USB Flash Drive for Dashcam & Sentry Mode 128GB

$18.99


Lenovo USB 16TB 3.0 USB Flash Drive Thumb Disk Silver Transfer Metal Memory picture

Lenovo USB 16TB 3.0 USB Flash Drive Thumb Disk Silver Transfer Metal Memory

$24.99


Mechanical Style Flash Drive USB 3.0 High Speed 16TB Large Capacity Waterproof picture

Mechanical Style Flash Drive USB 3.0 High Speed 16TB Large Capacity Waterproof

$8.37


USB Flash Drive Memory Stick Pendrive Thumb Drive 4GB, 8GB, 32GB, 64GB 128GB LOT picture

USB Flash Drive Memory Stick Pendrive Thumb Drive 4GB, 8GB, 32GB, 64GB 128GB LOT

$249.37


Lot USB Flash Drive Memory Stick Pendrive Thumb Drive 2GB,4GB, 8G, 32G, 64G 128G picture

Lot USB Flash Drive Memory Stick Pendrive Thumb Drive 2GB,4GB, 8G, 32G, 64G 128G

$332.55


Discussions

No Discussions have been posted on this vulnerability.