Mandrake Linux Security Advisory : squid (MDKSA-2004:112)

Medium Nessus Plugin ID 15547


The remote Mandrake Linux host is missing a security update.


iDEFENSE discovered a Denial of Service vulnerability in squid version 2.5.STABLE6 and previous. The problem is due to an ASN1 parsing error where certain header length combinations can slip through the validations performed by the ASN1 parser, leading to the server assuming there is heap corruption or some other exceptional condition, and closing all current connections then restarting.

Squid 2.5.STABLE7 has been released to address this issue; the provided packages are patched to fix the issue.


Update the affected squid package.

See Also

Plugin Details

Severity: Medium

ID: 15547

File Name: mandrake_MDKSA-2004-112.nasl

Version: $Revision: 1.18 $

Type: local

Published: 2004/10/22

Modified: 2013/06/02

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:squid, cpe:/o:mandrakesoft:mandrake_linux:10.0, cpe:/o:mandrakesoft:mandrake_linux:10.1, cpe:/o:mandrakesoft:mandrake_linux:9.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2004/10/21

Reference Information

CVE: CVE-2004-0918

MDKSA: 2004:112

CWE: 399