Fedora 11 : squidGuard-1.4-8.fc11 (2009-10780)

medium Nessus Plugin ID 42379

Synopsis

The remote Fedora host is missing a security update.

Description

Fixes language file issue, but more importantly, squidGuard upstream has released patches fixing (quoting from upstream advisories):

a) This patch fixes one buffer overflow problem in sgLog.c when overlong URLs are requested. SquidGuard will then go into emergency mode where no blocking occurs. This is not required in this situation. URL: http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091015

b) This patch fixes two bypass problems with URLs whose length is close to the limit defined by MAX_BUF (default: 4096) in squidGuard and MAX_URL (default: 4096 in squid 2.x and 8192 in squid 3.x) in squid. For this kind of URL, the proxy request exceeds MAX_BUF, causing squidGuard to complain about not being able to parse the squid request. URL: http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091019

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected squidGuard package.

See Also

http://www.nessus.org/u?83b9c31a

https://www.securityfocus.com/bid/36800/info

http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091015

http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091019

http://www.nessus.org/u?fc5f9286

Plugin Details

Severity: Medium

ID: 42379

File Name: fedora_2009-10780.nasl

Version: 1.17

Type: local

Agent: unix

Published: 11/5/2009

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:squidguard, cpe:/o:fedoraproject:fedora:11

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 10/27/2009

Reference Information

BID: 36800

FEDORA: 2009-10780

Secunia: 37107