Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Mandrake Local Security Checks --> Category: infos

MDKSA-2004:025: squid Vulnerability Scan

Vulnerability Scan Summary
Check for the version of the squid package

Detailed Explanation for this Vulnerability Test

The remote host is missing the patch for the advisory MDKSA-2004:025 (squid).

A vulnerability was discovered in squid version 2.5.STABLE4 and earlier with the
processing of %-encoded characters in a URL. If a squid configuration uses ACLs
(Access Control Lists), it is possible for a remote attacker to create URLs that
would not be properly tested against squid's ACLs, potentially allowing clients
to access URLs that would otherwise be disallowed.
As well, the provided packages for Mandrake Linux 9.2 and 9.1 include a new
Access Control type called 'urllogin' which can be used to protect vulnerable
Microsoft Internet Explorer clients from accessing URLs that contain login
information. While this Access Control type is available, it is not used in the
default configuration.
The updated packages are patched to protect against these vulnerabilities.

Solution :
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.