|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200502-25] Squid: Denial of Service through DNS responses Vulnerability Scan
Vulnerability Scan Summary Squid: Denial of Service through DNS responses
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200502-25
(Squid: Denial of Service through DNS responses)
Handling of certain DNS responses trigger assertion failures.
Impact
By returning a specially crafted DNS response a possible hacker could
cause Squid to crash by triggering an assertion failure.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0446
Solution:
All Squid users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-proxy/squid-2.5.8"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|