Vulnerability Bulletins |
Denegación de Servicio en Squid |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Oficial |
Impact | Denegación de Servicio |
Dificulty | Avanzado |
Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
Property | Value |
Affected manufacturer | GNU/Linux |
Affected software | Squid 2.5 |
Description |
|
Se ha descubierto una vulnerabilidad en la versión 2.5 de Squid. La vulnerabilidad reside en las rutinas de autenticación NTLM. La explotación de esta vulnerabilidad podría permitir a un atacante remoto provocar una situación de denegación de servicio de Squid mediante el envío de un paquete NTLMSSP especialmente diseñado. |
|
Solution |
|
Actualización de software Squid Parche http://www.squid-cache.org/bugs/attachment.cgi?id=432&action=view Mandrake Linux Mandrakelinux 9.2 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/squid-2.5.STABLE3-3.3.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/squid-2.5.STABLE3-3.3.92mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/squid-2.5.STABLE3-3.3.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/squid-2.5.STABLE3-3.3.92mdk.src.rpm Mandrakelinux 10.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/squid-2.5.STABLE4-2.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/squid-2.5.STABLE4-2.1.100mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/squid-2.5.STABLE4-2.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/squid-2.5.STABLE4-2.1.100mdk.src.rpm Red Hat Linux Red Hat Desktop (v. 3) AMD64 squid-2.5.STABLE3-6.3E.1.x86_64.rpm SRPMS squid-2.5.STABLE3-6.3E.1.src.rpm i386 squid-2.5.STABLE3-6.3E.1.i386.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux AS (v. 3) AMD64 squid-2.5.STABLE3-6.3E.1.x86_64.rpm SRPMS squid-2.5.STABLE3-6.3E.1.src.rpm i386 squid-2.5.STABLE3-6.3E.1.i386.rpm ia64 squid-2.5.STABLE3-6.3E.1.ia64.rpm ppc squid-2.5.STABLE3-6.3E.1.ppc.rpm s390 squid-2.5.STABLE3-6.3E.1.s390.rpm s390x squid-2.5.STABLE3-6.3E.1.s390x.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux ES (v. 3) AMD64 squid-2.5.STABLE3-6.3E.1.x86_64.rpm SRPMS squid-2.5.STABLE3-6.3E.1.src.rpm i386 squid-2.5.STABLE3-6.3E.1.i386.rpm ia64 squid-2.5.STABLE3-6.3E.1.ia64.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux WS (v. 3) AMD64 squid-2.5.STABLE3-6.3E.1.x86_64.rpm SRPMS squid-2.5.STABLE3-6.3E.1.src.rpm i386 squid-2.5.STABLE3-6.3E.1.i386.rpm ia64 squid-2.5.STABLE3-6.3E.1.ia64.rpm https://rhn.redhat.com/ |
|
Standar resources |
|
Property | Value |
CVE | CAN-2004-0832 |
BID | |
Other resources |
|
Squid Bug 1045 http://www.squid-cache.org/bugs/show_bug.cgi?id=1045 Mandrakesoft Security Advisory MDKSA-2004:093 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:093 Red Hat Linux Advisory RHSA-2004:462-10 https://rhn.redhat.com/errata/RHSA-2004-462.html |
Version history |
||
Version | Comments | Date |
1.0 | Aviso emitido | 2004-09-16 |
1.1 | Aviso emitido por Red Hat (RHSA-2004:462-10). | 2004-10-01 |