Lucene search
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2002-044.NASLHistoryJul 31, 2004 - 12:00 a.m.
Mandrake Linux Security Advisory : squid (MDKSA-2002:044)
2004-07-3100:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com
5
Numerous security problems were fixed in squid-2.4.STABLE7. This releases has several bugfixes to the Gopher client to correct some security issues. Security fixes to how squid parses FTP directory listings into HTML have been implemented. A security fix to how squid forwards proxy authentication credentials has been applied, as well as the MSNT auth helper has been updated to fix buffer overflows in the helper. Finally, FTP data channels are now sanity checked to match the address of the requested FTP server, which prevents injection of data or theft.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2002:044.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(13947);
script_version("1.18");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2002-0713", "CVE-2002-0714", "CVE-2002-0715");
script_xref(name:"MDKSA", value:"2002:044");
script_name(english:"Mandrake Linux Security Advisory : squid (MDKSA-2002:044)");
script_summary(english:"Checks rpm output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Mandrake Linux host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Numerous security problems were fixed in squid-2.4.STABLE7. This
releases has several bugfixes to the Gopher client to correct some
security issues. Security fixes to how squid parses FTP directory
listings into HTML have been implemented. A security fix to how squid
forwards proxy authentication credentials has been applied, as well as
the MSNT auth helper has been updated to fix buffer overflows in the
helper. Finally, FTP data channels are now sanity checked to match the
address of the requested FTP server, which prevents injection of data
or theft."
);
script_set_attribute(
attribute:"see_also",
value:"http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
);
script_set_attribute(attribute:"solution", value:"Update the affected squid package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:squid");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2");
script_set_attribute(attribute:"patch_publication_date", value:"2002/07/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"squid-2.4.STABLE7-1.3mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"squid-2.4.STABLE7-1.3mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"squid-2.4.STABLE7-1.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"squid-2.4.STABLE7-1.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"squid-2.4.STABLE7-1.1mdk", yank:"mdk")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mandriva | linux | squid | p-cpe:/a:mandriva:linux:squid |
| mandrakesoft | mandrake_linux | 7.1 | cpe:/o:mandrakesoft:mandrake_linux:7.1 |
| mandrakesoft | mandrake_linux | 7.2 | cpe:/o:mandrakesoft:mandrake_linux:7.2 |
| mandrakesoft | mandrake_linux | 8.0 | cpe:/o:mandrakesoft:mandrake_linux:8.0 |
| mandrakesoft | mandrake_linux | 8.1 | cpe:/o:mandrakesoft:mandrake_linux:8.1 |
| mandrakesoft | mandrake_linux | 8.2 | cpe:/o:mandrakesoft:mandrake_linux:8.2 |
Related
suse
suse
possible remote code execution in squid
2002-07-09 00:16:48
nessus
nessus
RHEL 2.1 : squid (RHSA-2002:130)
2004-07-06 00:00:00
cve
cve
debiancve
debiancve
Related for MANDRAKE_MDKSA-2002-044.NASL