Mandrake Linux Security Advisory : squid (MDKSA-2002:044)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

Numerous security problems were fixed in squid-2.4.STABLE7. This
releases has several bugfixes to the Gopher client to correct some
security issues. Security fixes to how squid parses FTP directory
listings into HTML have been implemented. A security fix to how squid
forwards proxy authentication credentials has been applied, as well as
the MSNT auth helper has been updated to fix buffer overflows in the
helper. Finally, FTP data channels are now sanity checked to match the
address of the requested FTP server, which prevents injection of data
or theft.

See also :

http://www.squid-cache.org/Advisories/SQUID-2002_3.txt

Solution :

Update the affected squid package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 13947 (mandrake_MDKSA-2002-044.nasl)

Bugtraq ID:

CVE ID: CVE-2002-0713
CVE-2002-0714
CVE-2002-0715

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now