Linux Today: Linux News On Internet Time.
Search Linux Today
search.internet.com
Linux News Sections: Blog - Developer - High Performance - Infrastructure - IT Management - Security - Storage -
Linux Today Navigation
LT Home
Preferences
Contribute
Link to Us
Search
Linux Jobs

Become a Marketplace Partner

internet.commerce
Be a Commerce Partner














The Linux Channel at internet.com
Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Technology Jobs

JustTechJobs.com

LinuxToday Newsletters
Subscribe News
Subscribe PR
Subscribe Security

internet.com
IT
Developer
Internet News
Small Business
Personal Technology
International

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

 

Current Newswire:

Linux And Martial Arts Humor - Linus Torvalds Vs. Chuck Norris

Extending Nautilus, Scripting Your Way To UI Bliss

Check Your Mysql Server Performance with MySQLTuner

The Growth of the Newest Kubuntu Support Option

Linux Game "System of Tomorrow" Ships in Two Weeks

Anonymous Proxy Using Squid 3 On CentOS 5.x

Install and Configure Cacti Monitoring Tool in Ubuntu 8.10 (Intrepid Ibex) Server

SimplyMEPIS: The Best Desktop Linux You Haven't Tried

Planning Extensions in TYPO3

How the Linux Kernel Manages Virtual Memory

Sr. Developer, Backend
Professional Technical Resources
US-OR-Portland

Justtechjobs.com Post A Job | Post A Resume
:Gentoo Linux Advisory: Squid
Gentoo Linux Advisory: Squid
Oct 19, 2004, 03 :14 UTC (0 Talkback[s]) (2018 reads)

Gentoo Linux Security Advisory GLSA 200410-15

http://security.gentoo.org/

Severity: Normal
Title: Squid: Remote DoS vulnerability
Date: October 18, 2004
Bugs: #67167
ID: 200410-15

Synopsis

Squid contains a vulnerability in the SNMP module which may lead to a denial of service.

Background

Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features.

Affected packages

PackageVulnerableUnaffected
1 www-proxy/squid< 2.5.7>=3D 2.5.7

Description

A parsing error exists in the SNMP module of Squid where a specially-crafted UDP packet can potentially cause the server to restart, closing all current connections. This vulnerability only exists in versions of Squid compiled with the 'snmp' USE flag.

Impact

An attacker can repeatedly send these malicious UDP packets to the Squid server, leading to a denial of service.

Workaround

Disable SNMP support or filter the port that has SNMP processing (default is 3401) to allow only SNMP data from trusted hosts.

To disable SNMP support put the entry snmp_port 0 in the squid.conf configuration file.

To allow only the local interface to process SNMP, add the entry "snmp_incoming_address 127.0.0.1" in the squid.conf configuration file.

Resolution

All Squid users should upgrade to the latest version: 

    # emerge sync

    # emerge -pv ">=3Dwww-proxy/squid-2.5.7"
    # emerge ">=3Dwww-proxy/squid-2.5.7"

References

[ 1 ] iDEFENSE Advisory

http://www.idefense.com/application/poi/display?id=3D152&type=3Dvulnerabilities&flashstatus=3Dtrue

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200410-15.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2004 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0



No talkbacks posted.
  Home | Search Talkbacks | Customize View    Top of Page  



Enter your comments below:

* Your Name:

* Your Email Address:

* Subject:

CC: [will also send this talkback to an E-Mail address]

* Comments:

Tags allowed:<I>,<B> and <U>. See our talkback-policy for more about talkback content.

Fields marked with * are required!






..............................


All times are recorded in UTC.
Linux is a trademark of Linus Torvalds.
Powered by Linux, Apache and PHP

internet.comearthweb.comDevx.commediabistro.comGraphics.com

Search:

Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info

Legal Notices, Licensing, Reprints, Permissions, Privacy Policy.
Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers

Solutions

Whitepapers and eBooks

Microsoft PDF: Top 11 Reasons to Upgrade to Windows Server 2008
Intel Podcast Transcript: Talking vPro
Avaya Article: Communication-Enabled Mashups: Empowering Both Business Owners and IT
Whitepaper: Building a Real-World Model to Assess Virtualization Platforms
PDF: Intel Centrino Duo Processor Technology with Intel Core2 Duo Processor
Microsoft Article: Will Hyper-V Make VMware This Decade's Netscape?
Go Parallel Article: Q&A with a TBB Junkie
Microsoft Article: BitLocker Encryption on Windows Server 2008
Go Parallel Article: Intel Thread Checker, Meet 20 Million LOC
IBM Whitepaper: Innovative Collaboration to Advance Your Business
   Internet.com eBook: Real Life Rails
IBM eBook: The Pros and Cons of Outsourcing
Internet.com eBook: Best Practices for Developing a Web Site
IBM CXO Whitepaper: The 2008 Global CEO Study "The Enterprise of the Future"
Avaya Article: Call Control XML in Action - A CCXML Auto Attendant
IBM CXO Whitepaper: Unlocking the DNA of the Adaptable Workforce--The Global Human Capital Study 2008
Adobe Acrobat Connect Pro: Web Conferencing and eLearning Whitepapers
HP eBook: Storage Networking , Part 1
MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts

Podcast: The Pro Platform - Intel vPro Technology
Go Parallel Video: Intel(R) Threading Building Blocks: A New Method for Threading in C++
HP Video: Is Your Data Center Ready for a Real World Disaster?
Microsoft Partner Portal Video: Microsoft Gold Certified Partners Build Successful Practices
HP On Demand Webcast: Virtualization in Action
Go Parallel Video: Performance and Threading Tools for Game Developers
   Rackspace Hosting Center: Customer Videos
Intel vPro Developer Virtual Bootcamp
HP Disaster-Proof Solutions eSeminar
HP On Demand Webcast: Discover the Benefits of Virtualization
MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits

Amyuni Download: PDF & XPS Engine for Your .NET and ActiveX Applications
Acresso Download: Try InstallShield 2009
Microsoft Download: Silverlight 2 SDK
30-Day Trial: SPAMfighter Exchange Module
   Red Gate Download: SQL Toolbelt
Iron Speed Designer Application Generator
Microsoft Download: Silverlight 2 Developer Runtime (Windows)
MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos

Demo: Dual-Core Intel Itanium 2 Processor
IBM IT Innovation Article: Green Servers Provide a Competitive Advantage
   Microsoft Article: Making Designer/Developer Collaboration a Reality
MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES