Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2005:014: squid Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the squid package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2005:014 (squid).
'infamous41md' discovered two vulnerabilities in the squid proxy cache server.
The first is a buffer overflow in the Gopher response parser which leads to
memory corruption and would usually crash squid (CVE-2005-0094). The second is
an integer overflow in the receiver of WCCP (Web Cache Communication Protocol)
messages. A possible hacker could send a specially crafted UDP datagram that would
cause squid to crash (CVE-2005-0095).
The updated packages have been patched to prevent these problems.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:014
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.