10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
6.5 Medium
AI Score
Confidence
Low
0.97 High
EPSS
Percentile
99.7%
The remote host is missing updates announced in
advisory GLSA 200501-25.
# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.54811");
script_version("2023-07-14T16:09:26+0000");
script_tag(name:"last_modification", value:"2023-07-14 16:09:26 +0000 (Fri, 14 Jul 2023)");
script_tag(name:"creation_date", value:"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)");
script_cve_id("CVE-2005-0094", "CVE-2005-0095", "CVE-2005-0096", "CVE-2005-0097", "CVE-2005-0194");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_name("Gentoo Security Advisory GLSA 200501-25 (squid)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2008 E-Soft Inc.");
script_family("Gentoo Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/gentoo", "ssh/login/pkg");
script_tag(name:"insight", value:"Squid contains vulnerabilities in the code handling NTLM (NT Lan
Manager), Gopher to HTML, ACLs and WCCP (Web Cache Communication Protocol)
which could lead to ACL bypass, denial of service and arbitrary code
execution.");
script_tag(name:"solution", value:"All Squid users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-proxy/squid-2.5.7-r2'");
script_xref(name:"URL", value:"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200501-25");
script_xref(name:"URL", value:"http://bugs.gentoo.org/show_bug.cgi?id=77934");
script_xref(name:"URL", value:"http://bugs.gentoo.org/show_bug.cgi?id=77521");
script_xref(name:"URL", value:"http://secunia.com/advisories/13825/");
script_xref(name:"URL", value:"http://secunia.com/advisories/13789/");
script_tag(name:"summary", value:"The remote host is missing updates announced in
advisory GLSA 200501-25.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-gentoo.inc");
include("revisions-lib.inc");
res = "";
report = "";
report = "";
if ((res = ispkgvuln(pkg:"www-proxy/squid", unaffected: make_list("ge 2.5.7-r2"), vulnerable: make_list("lt 2.5.7-r2"))) != NULL) {
report += res;
}
if (report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99);
}