Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2004:025 (squid)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50664

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2004:025 (squid)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to squid
announced via advisory MDKSA-2004:025.

A vulnerability was discovered in squid version 2.5.STABLE4 and
earlier with the processing of %-encoded characters in a URL. If a
squid configuration uses ACLs (Access Control Lists), it is possible
for a remote attacker to create URLs that would not be properly tested
against squid's ACLs, potentially allowing clients to access URLs that
would otherwise be disallowed.

As well, the provided packages for Mandrake Linux 9.2 and 9.1 include a
new Access Control type called urllogin which can be used to protect
vulnerable Microsoft Internet Explorer clients from accessing URLs that
contain login information. While this Access Control type is available,
it is not used in the default configuration.

The updated packages are patched to protect against these
vulnerabilities.

Affected versions: 9.1, 9.2, 10.0, Corporate Server 2.1,
Multi Network Firewall 8.2

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2004:025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0189
http://www.squid-cache.org/Advisories/SQUID-2004_1.txt
http://www.microsoft.com/security/incident/spoof.asp

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: BugTraq ID: 9778
Common Vulnerability Exposure (CVE) ID: CVE-2004-0189
http://www.securityfocus.com/bid/9778
Bugtraq: 20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid) (Google Search)
http://marc.info/?l=bugtraq&m=108084935904110&w=2
Conectiva Linux advisory: CLA-2004:838
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000838
Debian Security Information: DSA-474 (Google Search)
http://www.debian.org/security/2004/dsa-474
http://security.gentoo.org/glsa/glsa-200403-11.xml
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025
http://www.osvdb.org/5916
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941
http://www.redhat.com/support/errata/RHSA-2004-133.html
http://www.redhat.com/support/errata/RHSA-2004-134.html
SCO Security Bulletin: SCOSA-2005.16
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt
SGI Security Advisory: 20040404-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc
XForce ISS Database: squid-urlregex-acl-bypass(15366)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15366

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50664
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2004:025 (squid)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to squid announced via advisory MDKSA-2004:025. A vulnerability was discovered in squid version 2.5.STABLE4 and earlier with the processing of %-encoded characters in a URL. If a squid configuration uses ACLs (Access Control Lists), it is possible for a remote attacker to create URLs that would not be properly tested against squid's ACLs, potentially allowing clients to access URLs that would otherwise be disallowed. As well, the provided packages for Mandrake Linux 9.2 and 9.1 include a new Access Control type called urllogin which can be used to protect vulnerable Microsoft Internet Explorer clients from accessing URLs that contain login information. While this Access Control type is available, it is not used in the default configuration. The updated packages are patched to protect against these vulnerabilities. Affected versions: 9.1, 9.2, 10.0, Corporate Server 2.1, Multi Network Firewall 8.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2004:025 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0189 http://www.squid-cache.org/Advisories/SQUID-2004_1.txt http://www.microsoft.com/security/incident/spoof.asp Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 9778 Common Vulnerability Exposure (CVE) ID: CVE-2004-0189 http://www.securityfocus.com/bid/9778 Bugtraq: 20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid) (Google Search) http://marc.info/?l=bugtraq&m=108084935904110&w=2 Conectiva Linux advisory: CLA-2004:838 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000838 Debian Security Information: DSA-474 (Google Search) http://www.debian.org/security/2004/dsa-474 http://security.gentoo.org/glsa/glsa-200403-11.xml http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025 http://www.osvdb.org/5916 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941 http://www.redhat.com/support/errata/RHSA-2004-133.html http://www.redhat.com/support/errata/RHSA-2004-134.html SCO Security Bulletin: SCOSA-2005.16 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt SGI Security Advisory: 20040404-01-U ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc XForce ISS Database: squid-urlregex-acl-bypass(15366) https://exchange.xforce.ibmcloud.com/vulnerabilities/15366
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com