Mandrake Linux Security Advisory : squid (MDKSA-2005:034)
High Nessus Plugin ID 16377
Synopsis
The remote Mandrake Linux host is missing a security update.
Description
More vulnerabilities were discovered in the squid server:
The LDAP handling of search filters was inadequate, which could be abused to allow logins using several variants of a single login name, possibly bypassing explicit access controls (CVE-2005-0173).
Minor problems in the HTTP header parsing code could be used for cache poisoning (CVE-2005-0174 and CVE-2005-0175).
A buffer overflow in the WCCP handling code allowed remote attackers to cause a Denial of Service and could potentially allow for the execution of arbitrary code by using a long WCCP packet.
The updated packages have been patched to prevent these problems.
Solution
Update the affected squid package.