Fedora Core 1 : squid-2.5.STABLE3-1.fc1 (2004-104)

This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.


Synopsis :

The remote Fedora Core host is missing a security update.

Description :

- Tue Mar 09 2004 Jay Fenlason <fenlason at redhat.com> 7:2.5.STABLE3-1.fc1

  - Backport security fix for %00 hole. See CVE-2004-0189:
    The '%xx' URL decoding function in Squid 2.5STABLE4 and
    earlier allows remote attackers to bypass url_regex ACLs
    via a URL with a NULL ('%00') character, which causes
    Squid to use only a portion of the requested URL when
    comparing it against the access control lists.

  - Backport security fix that adds urllogin acl type that
    can be used to protect vulnerable Microsoft Internet
    Explorer clients.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?87ca6a6b

Solution :

Update the affected squid and/or squid-debuginfo packages.

Risk factor :

High

Family: Fedora Local Security Checks

Nessus Plugin ID: 13687 (fedora_2004-104.nasl)

Bugtraq ID:

CVE ID:
