VID: 22251
Severity: 30
Port: 8080, 3128
Protocol: TCP
Class: Webproxy
Detailed Description: The Squid caching proxy, according to its version number, has a denial of service vulnerability via a mkdir-only PUT request.
Squid is a freely available Web Proxy server for Linux distributions. Squid Web Proxy Cache versions 2.3 and 2.4 series could allow a remote attacker to cause a denial of service. By passing a specially crafted mkdir-only PUT request through the proxy, the attacker could cause the affected proxy server to crash.

* Note: This check relies solely on the version number of the remote Squid proxy server to assess this vulnerability, so the result may be a false positive.

* References:
http://archives.neohapsis.com/archives/bugtraq/2001-09/0181.html

* Platforms Affected:
National Science Foundation Squid Web Proxy Cache 2.3STABLEx to 2.3STABLE5
National Science Foundation Squid Web Proxy Cache 2.4.x
Unix Any version
Linux Any version
Recommendation: Apply the ftp.c patch, available from the Squid Bugzilla bug tracking system (Bug 233) at http://www.squid-cache.org/bugs/show_bug.cgi?id=233

For Red Hat Linux:
Upgrade to the latest version of squid, as listed in Red Hat Security Advisory RHSA-2001:113-03 at http://rhn.redhat.com/errata/RHSA-2001-113.html

For Debian GNU/Linux 2.2 (potato):
Upgrade to the latest version of squid (2.2.5-3.2 or later), as listed in Debian Security Advisory DSA-077-1 at http://www.debian.org/security/2001/dsa-077

For SuSE Linux:
Upgrade to the appropriate version of squid, as listed in SuSE Security Announcement SuSE-SA:2001:037 at http://www.suse.de/de/security/2001_037_squid_txt.txt

For Mandrake Linux:
Upgrade to the latest version of squid, as listed in MandrakeSoft Security Advisory MDKSA-2001:088 at http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2001:088

For other distributions:
Contact your vendor for patch or upgrade information.
Related URL: CVE-2001-0843 (CVE)
Related URL: 3354 (SecurityFocus)
Related URL: 7157 (ISS)