Scientific Linux Security Update : squid on SL6.x i386/x86_64

medium Nessus Plugin ID 61135

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

A buffer overflow flaw was found in the way Squid parsed replies from remote Gopher servers. A remote user allowed to send Gopher requests to a Squid proxy could possibly use this flaw to cause the squid child process to crash or execute arbitrary code with the privileges of the squid user, by making Squid perform a request to an attacker-controlled Gopher server.

Users of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically.

Solution

Update the affected squid and / or squid-debuginfo packages.

See Also

http://www.nessus.org/u?9adada2a

Plugin Details

Severity: Medium

ID: 61135

File Name: sl_20110914_squid_on_SL6_x.nasl

Version: 1.5

Type: local

Agent: unix

Published: 8/1/2012

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 9/14/2011

Reference Information

CVE: CVE-2011-3205