Nessus Plugin #17144

Plugin Index

Note: This file has been created from a downloaded version of the Nessus Plugins from http://www.nessus.org/. Therefore, the information here can be outdated.

[GLSA-200502-25] Squid: Denial of Service through DNS responses

Family:
Gentoo Local Security Checks
Category:
infos
Copyright:
(C) 2005 Michel Arboi
Summary:
Squid: Denial of Service through DNS responses
Version:
$Revision: 1.1 $
Cve_id:
CAN-2005-0446
Bugtraq_id:
-
Xrefs:
GLSA:200502-25
Description:
The remote host is affected by the vulnerability described in GLSA-200502-25
(Squid: Denial of Service through DNS responses)


Handling of certain DNS responses trigger assertion failures.

Impact

By returning a specially crafted DNS response an attacker could
cause Squid to crash by triggering an assertion failure.

Workaround

There is no known workaround at this time.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0446


Solution:
All Squid users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-proxy/squid-2.5.8"


Risk factor : Medium
Generiert am 27.04.2005 um 18:49:54 Uhr.