Mandrake Linux Security Advisory : squid (MDKSA-2004:112)

medium Nessus Plugin ID 15547

Synopsis

The remote Mandrake Linux host is missing a security update.

Description

iDEFENSE discovered a Denial of Service vulnerability in squid version 2.5.STABLE6 and previous. The problem is due to an ASN1 parsing error where certain header length combinations can slip through the validations performed by the ASN1 parser, leading to the server assuming there is heap corruption or some other exceptional condition, and closing all current connections then restarting.

Squid 2.5.STABLE7 has been released to address this issue; the provided packages are patched to fix the issue.

Solution

Update the affected squid package.

See Also

http://www.nessus.org/u?d34310cf

Plugin Details

Severity: Medium

ID: 15547

File Name: mandrake_MDKSA-2004-112.nasl

Version: 1.21

Type: local

Published: 10/22/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:squid, cpe:/o:mandrakesoft:mandrake_linux:10.0, cpe:/o:mandrakesoft:mandrake_linux:10.1, cpe:/o:mandrakesoft:mandrake_linux:9.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 10/21/2004

Reference Information

CVE: CVE-2004-0918

CWE: 399

MDKSA: 2004:112