This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200903-38
(Squid: Multiple Denial of Service vulnerabilities)
The arrayShrink function in lib/Array.c can cause an array to
shrink to 0 entries, which triggers an assert error. NOTE: this issue
is due to an incorrect fix for CVE-2007-6239 (CVE-2008-1612).
An invalid version number in a HTTP request may trigger an
assertion in HttpMsg.c and HttpStatusLine.c (CVE-2009-0478).
The issues allows for Denial of Service attacks against the service via
an HTTP request with an invalid version number and other specially
There is no known workaround at this time.
See also :
All Squid users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-proxy/squid-2.7.6'
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true
Family: Gentoo Local Security Checks
Nessus Plugin ID: 36013 (gentoo_GLSA-200903-38.nasl)
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now