Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2007:026: squid Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the squid package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2007:026 (squid).
A vulnerability in squid was discovered that could be remotely
exploited by using a special ftp:// URL (CVE-2007-0247).
Another Denial of Service vulnerability was discovered in squid 2.6
that allows remote attackers to crash the server by causing an
external_acl_queue overload (CVE-2007-0248).
Additionally, a bug in squid 2.6 for max_user_ip handling in ntlm_auth
has been corrected.
The updated packages have been patched to correct this problem.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2007:026
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.