Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2002:044: squid Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the squid package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2002:044 (squid).
Numerous security problems were fixed in squid-2.4.STABLE7. This releases has
several bugfixes to the Gopher client to correct some security issues. Security
fixes to how squid parses FTP directory listings into HTML have been
implemented. A security fix to how squid forwards proxy authentication
credentials has been applied, as well as the MSNT auth helper has been updated
to fix buffer overflows in the helper. Finally, FTP data channels are now sanity
checked to match the address of the requested FTP server, which prevents
injection of data or theft.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2002:044
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.