Lucene search

K
openvasCopyright (c) 2012 Greenbone Networks GmbHOPENVAS:1361412562310881345
HistoryJul 30, 2012 - 12:00 a.m.

CentOS Update for squid CESA-2011:1791 centos6

2012-07-3000:00:00
Copyright (c) 2012 Greenbone Networks GmbH
plugins.openvas.org
7

0.935 High

EPSS

Percentile

98.9%

The remote host is missing an update for the

###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for squid CESA-2011:1791 centos6
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

if(description)
{
  script_xref(name:"URL", value:"http://lists.centos.org/pipermail/centos-announce/2011-December/018354.html");
  script_oid("1.3.6.1.4.1.25623.1.0.881345");
  script_version("$Revision: 14222 $");
  script_tag(name:"last_modification", value:"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $");
  script_tag(name:"creation_date", value:"2012-07-30 17:30:44 +0530 (Mon, 30 Jul 2012)");
  script_cve_id("CVE-2011-4096");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_xref(name:"CESA", value:"2011:1791");
  script_name("CentOS Update for squid CESA-2011:1791 centos6");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'squid'
  package(s) announced via the referenced advisory.");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
  script_family("CentOS Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/centos", "ssh/login/rpms", re:"ssh/login/release=CentOS6");
  script_tag(name:"affected", value:"squid on CentOS 6");
  script_tag(name:"solution", value:"Please install the updated packages.");
  script_tag(name:"insight", value:"Squid is a high-performance proxy caching server for web clients,
  supporting FTP, Gopher, and HTTP data objects.

  An input validation flaw was found in the way Squid calculated the total
  number of resource records in the answer section of multiple name server
  responses. An attacker could use this flaw to cause Squid to crash.
  (CVE-2011-4096)

  Users of squid should upgrade to this updated package, which contains a
  backported patch to correct this issue. After installing this update, the
  squid service will be restarted automatically.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";

if(release == "CentOS6")
{

  if ((res = isrpmvuln(pkg:"squid", rpm:"squid~3.1.10~1.el6_2.1", rls:"CentOS6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}

0.935 High

EPSS

Percentile

98.9%

Related for OPENVAS:1361412562310881345