Test ID:	1.3.6.1.4.1.25623.1.0.870678
Category:	Red Hat Local Security Checks
Title:	RedHat Update for squid RHSA-2011:1293-01
Summary:	The remote host is missing an update for the 'squid'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'squid' package(s) announced via the referenced advisory. Vulnerability Insight: Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A buffer overflow flaw was found in the way Squid parsed replies from remote Gopher servers. A remote user allowed to send Gopher requests to a Squid proxy could possibly use this flaw to cause the squid child process to crash or execute arbitrary code with the privileges of the squid user, by making Squid perform a request to an attacker-controlled Gopher server. (CVE-2011-3205) Users of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically. Affected Software/OS: squid on Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3205 1025981 http://securitytracker.com/id?1025981 45805 http://secunia.com/advisories/45805 45906 http://secunia.com/advisories/45906 45920 http://secunia.com/advisories/45920 45965 http://secunia.com/advisories/45965 46029 http://secunia.com/advisories/46029 49356 http://www.securityfocus.com/bid/49356 74847 http://www.osvdb.org/74847 DSA-2304 http://www.debian.org/security/2011/dsa-2304 FEDORA-2011-11854 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html MDVSA-2011:150 http://www.mandriva.com/security/advisories?name=MDVSA-2011:150 RHSA-2011:1293 http://www.redhat.com/support/errata/RHSA-2011-1293.html SUSE-SU-2011:1019 http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html SUSE-SU-2016:1996 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html SUSE-SU-2016:2089 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html [oss-security] 20110829 CVE-request(?): squid: buffer overflow in Gopher reply parser http://openwall.com/lists/oss-security/2011/08/29/2 [oss-security] 20110830 Re: CVE-request(?): squid: buffer overflow in Gopher reply parser http://openwall.com/lists/oss-security/2011/08/30/4 http://openwall.com/lists/oss-security/2011/08/30/8 http://www.squid-cache.org/Advisories/SQUID-2011_3.txt http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch https://bugzilla.redhat.com/show_bug.cgi?id=734583 openSUSE-SU-2011:1018 http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.