MDKSA-2002:016
- Package name
- squid
- Date
- 2002-02-21
- Advisory ID
- MDKSA-2002:016
- Affected versions
- 8.1 i586, SNF7.2 i586, CS1.0 i586, 8.1 i586, 8.0 i586, 8.0 i586, 7.1 i586, 7.2 i586
Problem description
Three security issues were found in the 2.x versions of the Squid proxy server up to and including 2.4.STABLE3. The first is a memory leak in Squid's optional SNMP interface: if the SNMP interface is enabled, a malicious user who can send packets to the Squid SNMP port could possibly perform a Denial of Service attack on the server. The second is a buffer overflow in the implementation of ftp:// URLs, through which allowed users could possibly perform a DoS on the server and may be able to trigger remote execution of code (which the authors have not yet confirmed). The final issue is that the HTCP interface cannot be properly disabled from squid.conf; HTCP is enabled by default on Mandrake Linux systems.
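An added example, not part of the original advisory: a check that decides whether a Squid version string falls in the affected range stated above (2.x up to and including 2.4.STABLE3). The function names are hypothetical, the banner text is constructed sample input in the style of `squid -v` output, and treating 2.4 pre-release tags as earlier than 2.4.STABLE1 is an assumption.

```python
import re

# Last affected release named in the advisory: 2.4.STABLE3.
LAST_AFFECTED_MINOR = 4
LAST_AFFECTED_STABLE = 3

# Matches Squid 2.x-style versions such as "2.4.STABLE3" or "2.4.DEVEL4",
# whether they appear in a banner line or inside an RPM file name.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.([A-Za-z-]+)(\d*)")


def parse_squid_version(text):
    """Return (major, minor, tag, level) for the first version found in text."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Squid version found in {text!r}")
    major, minor, tag, level = m.groups()
    return int(major), int(minor), tag.upper(), int(level or 0)


def is_affected(text):
    """True if the version is in the range this advisory describes."""
    major, minor, tag, level = parse_squid_version(text)
    if major != 2:
        return False  # the advisory only speaks about the 2.x series
    if minor != LAST_AFFECTED_MINOR:
        return minor < LAST_AFFECTED_MINOR
    if tag != "STABLE":
        return True  # assumption: 2.4 pre-releases precede 2.4.STABLE1
    return level <= LAST_AFFECTED_STABLE


if __name__ == "__main__":
    # Constructed sample inputs: two banners and one package file name.
    samples = [
        "Squid Cache: Version 2.4.STABLE3",
        "Squid Cache: Version 2.3.STABLE5",
        "squid-2.4.STABLE4-1.1mdk.i586.rpm",
    ]
    for s in samples:
        state = "AFFECTED" if is_affected(s) else "not affected"
        print(f"{s}: {state}")
```
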
Updated packages
8.1 i586
33b15c28c8437c979cd2a2f7c9822ec2 ia64/8.1/RPMS/squid-2.4.STABLE4-1.1mdk.ia64.rpm 4c0f0348686569ff02135144843446c4 ia64/8.1/SRPMS/squid-2.4.STABLE4-1.1mdk.src.rpm
SNF7.2 i586
171b3a7ab30d6a8d59cffb77169fe8a5 snf7.2/RPMS/squid-2.4.STABLE4-1.4mdk.i586.rpm 5fcb0ab989bb951682b417b8df6f24be snf7.2/SRPMS/squid-2.4.STABLE4-1.4mdk.src.rpm
CS1.0 i586
49845545fb8c7030e93a10a83140a95d 1.0.1/RPMS/squid-2.4.STABLE4-1.2mdk.i586.rpm 48d265d7e5422a4a5c10a52e3dc0f1f6 1.0.1/SRPMS/squid-2.4.STABLE4-1.2mdk.src.rpm
8.1 i586
b2e0af43c831b5c6aa5df12dd28c3a75 8.1/RPMS/squid-2.4.STABLE4-1.1mdk.i586.rpm 4c0f0348686569ff02135144843446c4 8.1/SRPMS/squid-2.4.STABLE4-1.1mdk.src.rpm
8.0 i586
4516b0211e4c467da7dedb7a50f33019 8.0/RPMS/squid-2.4.STABLE4-1.3mdk.i586.rpm 5abe989099da57d849e3261c1c6d7e2b 8.0/SRPMS/squid-2.4.STABLE4-1.3mdk.src.rpm
8.0 i586
2374d373bee20ea19379eb83ca367890 ppc/8.0/RPMS/squid-2.4.STABLE4-1.3mdk.ppc.rpm 5abe989099da57d849e3261c1c6d7e2b ppc/8.0/SRPMS/squid-2.4.STABLE4-1.3mdk.src.rpm
7.1 i586
49845545fb8c7030e93a10a83140a95d 7.1/RPMS/squid-2.4.STABLE4-1.2mdk.i586.rpm 48d265d7e5422a4a5c10a52e3dc0f1f6 7.1/SRPMS/squid-2.4.STABLE4-1.2mdk.src.rpm
7.2 i586
dfdc2114fd9690237b6b3bcd27613c1c 7.2/RPMS/squid-2.4.STABLE4-1.2mdk.i586.rpm 48d265d7e5422a4a5c10a52e3dc0f1f6 7.2/SRPMS/squid-2.4.STABLE4-1.2mdk.src.rpm
