This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
The remote Scientific Linux host is missing a security update.
A flaw was found in the way Squid processed certain external ACL
helper HTTP header fields that contained a delimiter that was not a
comma. A remote attacker could issue a crafted request to the Squid
server, causing excessive CPU use (up to 100%). (CVE-2009-2855)
Note: The CVE-2009-2855 issue only affected non-default configurations
that use an external ACL helper script.
A flaw was found in the way Squid handled truncated DNS replies. A
remote attacker able to send specially crafted UDP packets to Squid's
DNS client port could trigger an assertion failure in Squid's child
process, causing that child process to exit. (CVE-2010-0308)
This update also fixes the following bugs :
- Squid's init script returns a non-zero value when trying
to stop a stopped service. This is not LSB compliant and
can generate difficulties in cluster environments. This
update makes stopping LSB compliant. (BZ#521926)
- Squid is not currently built to support MAC address
filtering in ACLs. This update includes support for MAC
address filtering. (BZ#496170)
- Squid is not currently built to support Kerberos
negotiate authentication. This update enables Kerberos
- Squid does not include the port number as part of URIs
it constructs when configured as an accelerator. This
results in a 403 error. This update corrects this
- the error_map feature does not work if the same handling
is set also on the HTTP server that operates in deflate
mode. This update fixes this issue. (BZ#470843)
After installing this update, the squid service will be restarted
See also :
Update the affected squid package.
Risk factor :
Medium / CVSS Base Score : 5.0
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60775 ()
CVE ID: CVE-2009-2855CVE-2010-0308
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.