CentOS 3 : squid (CESA-2006:0045)

medium Nessus Plugin ID 21879

Synopsis

The remote CentOS host is missing a security update.

Description

Updated squid packages that fix a security vulnerability as well as several bugs are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects.

A denial of service flaw was found in the way squid processes certain NTLM authentication requests. A remote attacker could send a specially crafted NTLM authentication request which would cause the Squid server to crash. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2917 to this issue.

Several bugs have also been addressed in this update :

* An error introduced in 2.5.STABLE3-6.3E.14 where Squid can crash if a user visits a site which has a long DNS record.

* Some authentication helpers were missing needed setuid rights.

* Squid couldn't handle a reply from a HTTP server when the reply began with the new-line character or wasn't HTTP/1.0 or HTTP/1.1 compliant.

* User-defined error pages were not kept when the squid package was upgraded.

All users of squid should upgrade to these updated packages, which contain backported patches to resolve these issues.

Solution

Update the affected squid package.

See Also

http://www.nessus.org/u?b34aaf15

http://www.nessus.org/u?cf20e8ad

http://www.nessus.org/u?a60dc0b5

Plugin Details

Severity: Medium

ID: 21879

File Name: centos_RHSA-2006-0045.nasl

Version: 1.16

Type: local

Agent: unix

Published: 7/3/2006

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/o:centos:centos:3, p-cpe:/a:centos:centos:squid

Required KB Items: Host/local_checks_enabled, Host/CentOS/release, Host/CentOS/rpm-list

Patch Publication Date: 3/15/2006

Vulnerability Publication Date: 9/30/2005

Reference Information

CVE: CVE-2005-2917

RHSA: 2006:0045