Ubuntu Update for squid vulnerabilities USN-414-1

Ubuntu Update for squid vulnerabilities USN-414-

Reporter	Title	Published	Views	Family All 44
Tenable Nessus	Squid < 2.6.STABLE7 Multiple Vulnerabilities	17 Jan 200700:00	–	nessus
Tenable Nessus	Fedora Core 5 : squid-2.5.STABLE14-3.FC5 (2007-092)	18 Jan 200700:00	–	nessus
Tenable Nessus	GLSA-200701-22 : Squid: Multiple Denial of Service vulnerabilities	26 Jan 200700:00	–	nessus
Tenable Nessus	Mandrake Linux Security Advisory : squid (MDKSA-2007:026)	18 Feb 200700:00	–	nessus
Tenable Nessus	Squid < 2.6.STABLE7 Multiple Remote DoS	20 Mar 200700:00	–	nessus
Tenable Nessus	SuSE9 Security Update : squid (YOU Patch Number 11402)	24 Sep 200900:00	–	nessus
Tenable Nessus	SUSE-SA:2007:012: squid	18 Feb 200700:00	–	nessus
Tenable Nessus	SuSE 10 Security Update : squid (ZYPP Patch Number 2502)	13 Dec 200700:00	–	nessus
Tenable Nessus	openSUSE 10 Security Update : squid (squid-2504)	17 Oct 200700:00	–	nessus
Tenable Nessus	Ubuntu 6.06 LTS / 6.10 : squid vulnerabilities (USN-414-1)	10 Nov 200700:00	–	nessus

Source	Link
ubuntu	www.ubuntu.com/usn/usn-414-1/

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_414_1.nasl 7969 2017-12-01 09:23:16Z santu $
#
# Ubuntu Update for squid vulnerabilities USN-414-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "David Duncan Ross Palmer and Henrik Nordstrom discovered that squid
  incorrectly handled special characters in FTP URLs.  Remote users with
  access to squid could crash the server leading to a denial of service.
  (CVE-2007-0247)

  Erick Dantas Rotole and Henrik Nordstrom discovered that squid could end
  up in an endless loop when exhausted of available external ACL helpers.
  Remote users with access to squid could cause CPU starvation, possibly
  leading to a denial of service.  This does not affect a default Ubuntu
  installation, since external ACL helpers must be configured and used.
  (CVE-2007-0248)";

tag_summary = "Ubuntu Update for Linux kernel vulnerabilities USN-414-1";
tag_affected = "squid vulnerabilities on Ubuntu 6.06 LTS ,
  Ubuntu 6.10";
tag_solution = "Please Install the Updated Packages.";



if(description)
{
  script_xref(name: "URL" , value: "http://www.ubuntu.com/usn/usn-414-1/");
  script_id(840151);
  script_version("$Revision: 7969 $");
  script_tag(name:"last_modification", value:"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $");
  script_tag(name:"creation_date", value:"2009-03-23 10:55:18 +0100 (Mon, 23 Mar 2009)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_xref(name: "USN", value: "414-1");
  script_cve_id("CVE-2007-0247", "CVE-2007-0248");
  script_name( "Ubuntu Update for squid vulnerabilities USN-414-1");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages");
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-deb.inc");

release = get_kb_item("ssh/login/release");


res = "";
if(release == NULL){
  exit(0);
}

if(release == "UBUNTU6.06 LTS")
{

  if ((res = isdpkgvuln(pkg:"squid-cgi", ver:"2.5.12-4ubuntu2.2", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"squid", ver:"2.5.12-4ubuntu2.2", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"squidclient", ver:"2.5.12-4ubuntu2.2", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"squid-common", ver:"2.5.12-4ubuntu2.2", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU6.10")
{

  if ((res = isdpkgvuln(pkg:"squid-cgi", ver:"2.6.1-3ubuntu1.2", rls:"UBUNTU6.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"squid", ver:"2.6.1-3ubuntu1.2", rls:"UBUNTU6.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"squidclient", ver:"2.6.1-3ubuntu1.2", rls:"UBUNTU6.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"squid-common", ver:"2.6.1-3ubuntu1.2", rls:"UBUNTU6.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

01 Dec 2017 00:00Current

6.5Medium risk

Vulners AI Score6.5

EPSS0.19093