ID de Prueba:	1.3.6.1.4.1.25623.1.0.51629
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2005:034 (squid)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to squid announced via advisory MDKSA-2005:034. More vulnerabilities were discovered in the squid server: The LDAP handling of search filters was inadequate which could be abused to allow logins using severial variants of a single login name, possibly bypassing explicit access controls (CVE-2005-0173). Minor problems in the HTTP header parsing code that could be used for cache poisoning (CVE-2005-0174 and CVE-2005-0175). A buffer overflow in the WCCP handling code allowed remote attackers to cause a Denial of Service and could potentially allow for the execution of arbitrary code by using a long WCCP packet. The updated packages have been patched to prevent these problems. Affected versions: 10.0, 10.1, 9.2, Corporate 3.0, Corporate Server 2.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2005:034 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0211 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0174 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0175 http://www.squid-cache.org/Advisories/SQUID-2005_3.txt Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0173 BugTraq ID: 12431 http://www.securityfocus.com/bid/12431 Bugtraq: 20050207 [USN-77-1] Squid vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=110780531820947&w=2 CERT/CC vulnerability note: VU#924198 http://www.kb.cert.org/vuls/id/924198 Conectiva Linux advisory: CLA-2005:923 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923 Debian Security Information: DSA-667 (Google Search) http://www.debian.org/security/2005/dsa-667 http://fedoranews.org/updates/FEDORA--.shtml http://www.mandriva.com/security/advisories?name=MDKSA-2005:034 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10251 http://www.redhat.com/support/errata/RHSA-2005-060.html http://www.redhat.com/support/errata/RHSA-2005-061.html SuSE Security Announcement: SUSE-SA:2005:006 (Google Search) http://www.novell.com/linux/security/advisories/2005_06_squid.html Common Vulnerability Exposure (CVE) ID: CVE-2005-0174 BugTraq ID: 12412 http://www.securityfocus.com/bid/12412 CERT/CC vulnerability note: VU#768702 http://www.kb.cert.org/vuls/id/768702 Conectiva Linux advisory: CLA-2005:931 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931 http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10656 Common Vulnerability Exposure (CVE) ID: CVE-2005-0175 BugTraq ID: 12433 http://www.securityfocus.com/bid/12433 CERT/CC vulnerability note: VU#625878 http://www.kb.cert.org/vuls/id/625878 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11605 Common Vulnerability Exposure (CVE) ID: CVE-2005-0211 BugTraq ID: 12432 http://www.securityfocus.com/bid/12432 CERT/CC vulnerability note: VU#886006 http://www.kb.cert.org/vuls/id/886006 http://www.osvdb.org/13319 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9573 http://securitytracker.com/id?1013045 http://secunia.com/advisories/14076
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.