FreeBSD : squidGuard -- multiple vulnerabilities (692ab645-bf5d-11de-849b-00151797c2d4)

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

SquidGuard website reports :

Patch 20091015 fixes one buffer overflow problem in sgLog.c when
overlong URLs are requested. SquidGuard will then go into emergency
mode where no blocking occurs. This is not required in this situation.

Patch 20091019 fixes two bypass problems with URLs whose length is
close to the limit defined by MAX_BUF (default: 4096) in squidGuard
and MAX_URL (default: 4096 in squid 2.x and 8192 in squid 3.x) in
squid. For this kind of URL the proxy request exceeds MAX_BUF causing
squidGuard to complain about not being able to parse the squid
request. Increasing the buffer limit to be higher than the one defined
in MAX_URL solves the issue.

See also :

http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091015
http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091019
http://www.nessus.org/u?aacfd4b3

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 42213 (freebsd_pkg_692ab645bf5d11de849b00151797c2d4.nasl)

Bugtraq ID:

CVE ID: CVE-2009-3700, CVE-2009-3826
