ID de Prueba:	1.3.6.1.4.1.25623.1.0.64951
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:241 (squid)
Resumen:	The remote host is missing an update to squid;announced via advisory MDVSA-2009:241.
Descripción:	Summary: The remote host is missing an update to squid announced via advisory MDVSA-2009:241. Vulnerability Insight: A vulnerability was discovered and corrected in squid: The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function (CVE-2009-2855). This update provides a solution to this vulnerability. Affected: Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2855 BugTraq ID: 36091 http://www.securityfocus.com/bid/36091 http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31;filename=diff;att=1;bug=534982 http://www.squid-cache.org/bugs/show_bug.cgi?id=2704 http://www.openwall.com/lists/oss-security/2009/07/20/10 http://www.openwall.com/lists/oss-security/2009/08/03/3 http://www.openwall.com/lists/oss-security/2009/08/04/6 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10592 http://www.securitytracker.com/id?1022757 XForce ISS Database: squid-strlistgetitem-dos(52610) https://exchange.xforce.ibmcloud.com/vulnerabilities/52610
Copyright	Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.