Mandrake Linux Security Advisory : squid (MDKSA-2004:112)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

iDEFENSE discovered a Denial of Service vulnerability in squid version
2.5.STABLE6 and previous. The problem is due to an ASN1 parsing error
where certain header length combinations can slip through the
validations performed by the ASN1 parser, leading to the server
assuming there is heap corruption or some other exceptional condition,
and closing all current connections then restarting.

Squid 2.5.STABLE7 has been released to address this issue; the
provided packages are patched to fix the issue.

See also :

http://www.nessus.org/u?d34310cf

Solution :

Update the affected squid package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 15547 (mandrake_MDKSA-2004-112.nasl)

Bugtraq ID:

CVE ID: CVE-2004-0918

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now