Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2007:026 (squid)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.57820

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2007:026 (squid)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to squid
announced via advisory MDKSA-2007:026.

A vulnerability in squid was discovered that could be remotely
exploited by using a special ftp:// URL (CVE-2007-0247).

Another Denial of Service vulnerability was discovered in squid 2.6
that allows remote attackers to crash the server by causing an
external_acl_queue overload (CVE-2007-0248).

Additionally, a bug in squid 2.6 for max_user_ip handling in ntlm_auth
has been corrected.

The updated packages have been patched to correct this problem.

Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2007:026
http://www.squid-cache.org/bugs/show_bug.cgi?id=1792

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-0247
BugTraq ID: 22079
http://www.securityfocus.com/bid/22079
http://fedoranews.org/cms/node/2442
http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:026
http://osvdb.org/39839
http://secunia.com/advisories/23767
http://secunia.com/advisories/23805
http://secunia.com/advisories/23810
http://secunia.com/advisories/23837
http://secunia.com/advisories/23889
http://secunia.com/advisories/23921
http://secunia.com/advisories/23946
SuSE Security Announcement: SUSE-SA:2007:012 (Google Search)
http://www.novell.com/linux/security/advisories/2007_12_squid.html
http://www.trustix.org/errata/2007/0003/
http://www.ubuntu.com/usn/usn-414-1
http://www.vupen.com/english/advisories/2007/0199
XForce ISS Database: squid-multiple-dos(31523)
https://exchange.xforce.ibmcloud.com/vulnerabilities/31523
Common Vulnerability Exposure (CVE) ID: CVE-2007-0248
BugTraq ID: 22203
http://www.securityfocus.com/bid/22203
XForce ISS Database: squid-externalacl-dos(31525)
https://exchange.xforce.ibmcloud.com/vulnerabilities/31525

Copyright Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.57820
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2007:026 (squid)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to squid announced via advisory MDKSA-2007:026. A vulnerability in squid was discovered that could be remotely exploited by using a special ftp:// URL (CVE-2007-0247). Another Denial of Service vulnerability was discovered in squid 2.6 that allows remote attackers to crash the server by causing an external_acl_queue overload (CVE-2007-0248). Additionally, a bug in squid 2.6 for max_user_ip handling in ntlm_auth has been corrected. The updated packages have been patched to correct this problem. Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2007:026 http://www.squid-cache.org/bugs/show_bug.cgi?id=1792 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-0247 BugTraq ID: 22079 http://www.securityfocus.com/bid/22079 http://fedoranews.org/cms/node/2442 http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:026 http://osvdb.org/39839 http://secunia.com/advisories/23767 http://secunia.com/advisories/23805 http://secunia.com/advisories/23810 http://secunia.com/advisories/23837 http://secunia.com/advisories/23889 http://secunia.com/advisories/23921 http://secunia.com/advisories/23946 SuSE Security Announcement: SUSE-SA:2007:012 (Google Search) http://www.novell.com/linux/security/advisories/2007_12_squid.html http://www.trustix.org/errata/2007/0003/ http://www.ubuntu.com/usn/usn-414-1 http://www.vupen.com/english/advisories/2007/0199 XForce ISS Database: squid-multiple-dos(31523) https://exchange.xforce.ibmcloud.com/vulnerabilities/31523 Common Vulnerability Exposure (CVE) ID: CVE-2007-0248 BugTraq ID: 22203 http://www.securityfocus.com/bid/22203 XForce ISS Database: squid-externalacl-dos(31525) https://exchange.xforce.ibmcloud.com/vulnerabilities/31525
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com