Gentoo Security Advisory GLSA 200501-25 (squid)

2008-09-2400:00:00

plugins.openvas.org

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.97 High

EPSS

Percentile

99.7%

JSON

The remote host is missing updates announced in
advisory GLSA 200501-25.

# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.54811");
  script_version("2023-07-14T16:09:26+0000");
  script_tag(name:"last_modification", value:"2023-07-14 16:09:26 +0000 (Fri, 14 Jul 2023)");
  script_tag(name:"creation_date", value:"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)");
  script_cve_id("CVE-2005-0094", "CVE-2005-0095", "CVE-2005-0096", "CVE-2005-0097", "CVE-2005-0194");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_name("Gentoo Security Advisory GLSA 200501-25 (squid)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2008 E-Soft Inc.");
  script_family("Gentoo Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/gentoo", "ssh/login/pkg");
  script_tag(name:"insight", value:"Squid contains vulnerabilities in the code handling NTLM (NT Lan
Manager), Gopher to HTML, ACLs and WCCP (Web Cache Communication Protocol)
which could lead to ACL bypass, denial of service and arbitrary code
execution.");
  script_tag(name:"solution", value:"All Squid users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-proxy/squid-2.5.7-r2'");

  script_xref(name:"URL", value:"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200501-25");
  script_xref(name:"URL", value:"http://bugs.gentoo.org/show_bug.cgi?id=77934");
  script_xref(name:"URL", value:"http://bugs.gentoo.org/show_bug.cgi?id=77521");
  script_xref(name:"URL", value:"http://secunia.com/advisories/13825/");
  script_xref(name:"URL", value:"http://secunia.com/advisories/13789/");
  script_tag(name:"summary", value:"The remote host is missing updates announced in
advisory GLSA 200501-25.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("pkg-lib-gentoo.inc");
include("revisions-lib.inc");

res = "";
report = "";
report = "";
if ((res = ispkgvuln(pkg:"www-proxy/squid", unaffected: make_list("ge 2.5.7-r2"), vulnerable: make_list("lt 2.5.7-r2"))) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99);
}