exploit the possibilities

Mandriva Linux Security Advisory 2007.026

Mandriva Linux Security Advisory 2007.026
Posted Jan 24, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A vulnerability in squid was discovered that could be remotely exploited by using a special ftp:// URL. Another Denial of Service vulnerability was discovered in squid 2.6 that allows remote attackers to crash the server by causing an external_acl_queue overload. Additionally, a bug in squid 2.6 for max_user_ip handling in ntlm_auth has been corrected.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2007-0247, CVE-2007-0248
MD5 | 0991f5bc1631bd1bb6346665338731d8

Mandriva Linux Security Advisory 2007.026

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:026
http://www.mandriva.com/security/
_______________________________________________________________________

Package : squid
Date : January 23, 2007
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

A vulnerability in squid was discovered that could be remotely
exploited by using a special ftp:// URL (CVE-2007-0247).

Another Denial of Service vulnerability was discovered in squid 2.6
that allows remote attackers to crash the server by causing an
external_acl_queue overload (CVE-2007-0248).

Additionally, a bug in squid 2.6 for max_user_ip handling in ntlm_auth
has been corrected.

The updated packages have been patched to correct this problem.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0248
http://www.squid-cache.org/bugs/show_bug.cgi?id=1792
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
08e2ff96f1951e61a976ef60bbf6bea5 2006.0/i586/squid-2.5.STABLE10-10.3.20060mdk.i586.rpm
59613107122da1dd6c0ce6724f563fed 2006.0/i586/squid-cachemgr-2.5.STABLE10-10.3.20060mdk.i586.rpm
96bdafa2207c70e46e2c6b958748b884 2006.0/SRPMS/squid-2.5.STABLE10-10.3.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
60c1f397b2ce5b283757b76da8c70df1 2006.0/x86_64/squid-2.5.STABLE10-10.3.20060mdk.x86_64.rpm
b0ec419dcae41638d2f628f013c0e050 2006.0/x86_64/squid-cachemgr-2.5.STABLE10-10.3.20060mdk.x86_64.rpm
96bdafa2207c70e46e2c6b958748b884 2006.0/SRPMS/squid-2.5.STABLE10-10.3.20060mdk.src.rpm

Mandriva Linux 2007.0:
21dd893ce118c427d7b34656e41939ec 2007.0/i586/squid-2.6.STABLE1-4.2mdv2007.0.i586.rpm
4021d4e323f1fc695aa956832ede5dbd 2007.0/i586/squid-cachemgr-2.6.STABLE1-4.2mdv2007.0.i586.rpm
6800d5a945187fca10197220d3068e01 2007.0/SRPMS/squid-2.6.STABLE1-4.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
dd5ac455b5f94d7b5589d1ff80972dc3 2007.0/x86_64/squid-2.6.STABLE1-4.2mdv2007.0.x86_64.rpm
e9968cd35f6c21988691982ab3d6c9dc 2007.0/x86_64/squid-cachemgr-2.6.STABLE1-4.2mdv2007.0.x86_64.rpm
6800d5a945187fca10197220d3068e01 2007.0/SRPMS/squid-2.6.STABLE1-4.2mdv2007.0.src.rpm

Corporate 3.0:
95c1ca980282b1c49b50a8507c7fd82d corporate/3.0/i586/squid-2.5.STABLE9-1.6.C30mdk.i586.rpm
7a65ca526a37b6850f4b33f1959d8595 corporate/3.0/SRPMS/squid-2.5.STABLE9-1.6.C30mdk.src.rpm

Corporate 3.0/X86_64:
5c575f5fb19da84a3c0f3ee92429c65c corporate/3.0/x86_64/squid-2.5.STABLE9-1.6.C30mdk.x86_64.rpm
7a65ca526a37b6850f4b33f1959d8595 corporate/3.0/SRPMS/squid-2.5.STABLE9-1.6.C30mdk.src.rpm

Corporate 4.0:
db2095e0e73bb231ffe40897b1666fbf corporate/4.0/i586/squid-2.6.STABLE1-4.2.20060mlcs4.i586.rpm
7fff9071842f6d87f10643a66d858373 corporate/4.0/i586/squid-cachemgr-2.6.STABLE1-4.2.20060mlcs4.i586.rpm
46198dfe46b61033924be7a1050bf1d7 corporate/4.0/SRPMS/squid-2.6.STABLE1-4.2.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
a3431be4855f377ae0efaf7bf60c845f corporate/4.0/x86_64/squid-2.6.STABLE1-4.2.20060mlcs4.x86_64.rpm
7953d0208a17451f1465c69d244736fd corporate/4.0/x86_64/squid-cachemgr-2.6.STABLE1-4.2.20060mlcs4.x86_64.rpm
46198dfe46b61033924be7a1050bf1d7 corporate/4.0/SRPMS/squid-2.6.STABLE1-4.2.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
6df4b826639660123bd8cbaf045b3efd mnf/2.0/i586/squid-2.5.STABLE9-1.6.M20mdk.i586.rpm
0c6029fd8710939fa1e187acbf2e1c70 mnf/2.0/SRPMS/squid-2.5.STABLE9-1.6.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFtnD3mqjQ0CJFipgRAhh/AKDeZDFmAclCBbLZnW8QhNUqNX3ywACeLpcn
KBexN76SNlVNaZ98ZFcqRyU=
=FiiN
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close