Lucene search
Copyright (C) 2008 E-Soft Inc.OPENVAS:136141256231052280HistorySep 04, 2008 - 12:00 a.m.
FreeBSD Ports: squid
2008-09-0400:00:00
Copyright (C) 2008 E-Soft Inc.
plugins.openvas.org
1
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7 High
AI Score
Confidence
Low
0.009 Low
EPSS
Percentile
82.7%
The remote host is missing an update to the system
as announced in the referenced advisory.
# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.52280");
script_version("2023-07-26T05:05:09+0000");
script_tag(name:"last_modification", value:"2023-07-26 05:05:09 +0000 (Wed, 26 Jul 2023)");
script_tag(name:"creation_date", value:"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)");
script_cve_id("CVE-2004-2479");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_name("FreeBSD Ports: squid");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2008 E-Soft Inc.");
script_family("FreeBSD Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/freebsd", "ssh/login/freebsdrel");
script_tag(name:"insight", value:"The following package is affected: squid
The installed version of squid suffers from an
information disclosure vulnerability. An attacker
that supplies malformed host names can gain access
to sensitive information which may then be used
to carry out further attacks.");
script_tag(name:"solution", value:"Update your system with the appropriate patches or
software upgrades.");
script_xref(name:"URL", value:"http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-dothost");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/11865");
script_xref(name:"URL", value:"http://www.vuxml.org/freebsd/f0db930b-496b-11d9-bf86-0050569f0001.html");
script_tag(name:"summary", value:"The remote host is missing an update to the system
as announced in the referenced advisory.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-bsd.inc");
vuln = FALSE;
txt = "";
bver = portver(pkg:"squid");
if(!isnull(bver) && revcomp(a:bver, b:"2.5.7_4")<0) {
txt += 'Package squid version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = TRUE;
}
if(vuln) {
security_message(data:txt);
} else if (__pkg_match) {
exit(99);
}Related
cve
cve
CVE-2004-2479
2005-08-21 04:00:00
openvas
openvas
FreeBSD Ports: squid
2008-09-04 00:00:00
nvd
nvd
CVE-2004-2479
2004-12-31 05:00:00
nessus
nessus
Squid < 2.5.STABLE8 Malformed Host Name Error Message Information Disclosure
2004-12-09 00:00:00
RHEL 2.1 / 3 / 4 : squid (RHSA-2005:766)
2005-09-17 00:00:00
CentOS 3 / 4 : squid (CESA-2005:766)
2006-07-03 00:00:00
debiancve
debiancve
CVE-2004-2479
2005-08-21 04:00:00
cvelist
cvelist
CVE-2004-2479
2005-08-21 04:00:00
centos
centos
squid security update
2005-09-15 09:25:45
squid security update
2005-09-15 23:41:30
redhat
redhat
(RHSA-2005:766) squid security update
2005-09-15 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7 High
AI Score
Confidence
Low
0.009 Low
EPSS
Percentile
82.7%
Related for OPENVAS:136141256231052280