Family: Red Hat Local Security Checks --> Category: infos
RHSA-2006-0045: squid Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the squid packages
Detailed Explanation for this Vulnerability Test
Updated squid packages that fix a security vulnerability as well as
several bugs are now available.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects.
A denial of service flaw was found in the way squid processes certain NTLM
authentication requests. A remote attacker could send a specially crafted
NTLM authentication request which would cause the Squid server to crash.
The Common Vulnerabilities and Exposures project assigned the name
CVE-2005-2917 to this issue.
Several bugs have also been addressed in this update:
* An error introduced in 2.5.STABLE3-6.3E.14 where Squid can crash if a
user visits a site which has a long DNS record.
* Some authentication helpers were missing needed setuid rights.
* Squid couldn't handle a reply from a HTTP server when the reply began
with the new-line character or wasn't HTTP/1.0 or HTTP/1.1 compliant.
* User-defined error pages were not kept when the squid package was
All users of squid should upgrade to these updated packages, which contain
backported patches to resolve these issues.
Solution : http://rhn.redhat.com/errata/RHSA-2006-0045.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.