This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing a security update.
Multiple vulnerabilities has been found and corrected in squidGuard :
Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote
attackers to cause a denial of service (application hang or loss of
blocking functionality) via a long URL with many / (slash) characters,
related to emergency mode. (CVE-2009-3700).
Multiple buffer overflows in squidGuard 1.4 allow remote attackers to
bypass intended URL blocking via a long URL, related to (1) the
relationship between a certain buffer size in squidGuard and a certain
buffer size in Squid and (2) a redirect URL that contains information
about the originally requested URL (CVE-2009-3826).
squidGuard was upgraded to 1.2.1 for MNF2/CS3/CS4 with additional
upstream security and bug fixes patches applied.
This update fixes these vulnerabilities.
Packages for 2008.0 are provided for Corporate Desktop 2008.0
Update the affected squidGuard package.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true