Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2004:025: squid Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the squid package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2004:025 (squid).
A vulnerability was discovered in squid version 2.5.STABLE4 and earlier with the
processing of %-encoded characters in a URL. If a squid configuration uses ACLs
(Access Control Lists), it is possible for a remote attacker to create URLs that
would not be properly tested against squid's ACLs, potentially allowing clients
to access URLs that would otherwise be disallowed.
As well, the provided packages for Mandrake Linux 9.2 and 9.1 include a new
Access Control type called 'urllogin' which can be used to protect vulnerable
Microsoft Internet Explorer clients from accessing URLs that contain login
information. While this Access Control type is available, it is not used in the
default configuration.
The updated packages are patched to protect against these vulnerabilities.
Solution: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2004:025
Threat Level: High