|
Family: Ubuntu Local Security Checks --> Category: infos
USN84-1 : squid vulnerabilities Vulnerability Scan
Vulnerability Scan Summary squid vulnerabilities
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- squid
- squid-cgi
- squid-common
- squidclient
Description :
When parsing the configuration file, squid interpreted empty Access
Control Lists (ACLs) without defined authentication schemes in a
non-obvious way. This could allow remote attackers to bypass intended
ACLs. (CVE-2005-0194)
A remote Denial of Service vulnerability was discovered in the domain
name resolution code. A faulty or malicious DNS server could stop the
Squid server immediately by sending a malformed IP address.
(CVE-2005-0446)
Solution :
Upgrade to :
- squid-2.5.5-6ubuntu0.5 (Ubuntu 4.10)
- squid-cgi-2.5.5-6ubuntu0.5 (Ubuntu 4.10)
- squid-common-2.5.5-6ubuntu0.5 (Ubuntu 4.10)
- squidclient-2.5.5-6ubuntu0.5 (Ubuntu 4.10)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|