search.internet.com

Become a Marketplace Partner internet.commerce Be a Commerce Partner Linux Today Enterprise Linux Today Apache Today JustLinux.com Linux Planet PHPBuilder All Linux Devices Technology Jobs LinuxToday Newsletters Subscribe News Subscribe PR Subscribe Security internet.com IT Developer Internet News Small Business Personal Technology Search internet.com Advertise Corporate Info Newsletters Tech Jobs E-mail Offers

Current Newswire: Sifting Through Billions and Billions of Bytes Miro 2.0 - Watch TV Podcasts and Videos in HD Hands off the Gimp Course: Using LDAP Bazaar for Subversion users, part 1 - the basics Firefox 3.5 - A Really Impressive Release Linux Migration Guide: Finding Linux Equivalents to Your Favorite Windows Programs Tiny Core Linux 2.1 Review 5 Top of the Line Twitter Desktop Clients for Linux SECURITY: How Microsoft benefits from Conficker Senior Windows Engineer (NC) Next Step Systems US-NC-Charlotte Post A Job | Post A Resume Gentoo Linux Advisory: Squid Oct 19, 2004, 03 :14 UTC (0 Talkback[s]) (2195 reads) Gentoo Linux Security Advisory GLSA 200410-15 http://security.gentoo.org/ Severity: Normal Title: Squid: Remote DoS vulnerability Date: October 18, 2004 Bugs: #67167 ID: 200410-15 Synopsis Squid contains a vulnerability in the SNMP module which may lead to a denial of service. Background Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Affected packages Package Vulnerable Unaffected 1 www-proxy/squid < 2.5.7 >=3D 2.5.7 Description A parsing error exists in the SNMP module of Squid where a specially-crafted UDP packet can potentially cause the server to restart, closing all current connections. This vulnerability only exists in versions of Squid compiled with the 'snmp' USE flag. Impact An attacker can repeatedly send these malicious UDP packets to the Squid server, leading to a denial of service. Workaround Disable SNMP support or filter the port that has SNMP processing (default is 3401) to allow only SNMP data from trusted hosts. To disable SNMP support put the entry snmp_port 0 in the squid.conf configuration file. To allow only the local interface to process SNMP, add the entry "snmp_incoming_address 127.0.0.1" in the squid.conf configuration file. Resolution All Squid users should upgrade to the latest version: # emerge sync # emerge -pv ">=3Dwww-proxy/squid-2.5.7" # emerge ">=3Dwww-proxy/squid-2.5.7" References [ 1 ] iDEFENSE Advisory http://www.idefense.com/application/poi/display?id=3D152&type=3Dvulnerabilities&flashstatus=3Dtrue Availability This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200410-15.xml Concerns? Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License Copyright 2004 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/1.0 No talkbacks posted.   Home | Search Talkbacks | Customize View    Top of Page   Enter your comments below: * Your Name: * Your Email Address: * Subject: CC: [will also send this talkback to an E-Mail address] * Comments: Tags allowed:<I>,<B> and <U>. See our talkback-policy for more about talkback content. Fields marked with * are required!

All times are recorded in UTC. Linux is a trademark of Linus Torvalds. Powered by Linux, Apache and PHP Search: WebMediaBrands Corporate Info Legal Notices, Licensing, Reprints, Permissions, Privacy Policy. Advertise | Newsletters | Shopping | E-mail Offers | Freelance Jobs Solutions Whitepapers and eBooks Whitepaper: Introducing the Azure Services Platform Whitepaper: Introduction to Microsoft .NET Services for Developers Whitepaper: Securing Microsoft's Cloud Infrastructure Internet.com eBook: Becoming a Better Project Manager Microsoft Partner Portal: What Azure Means for Microsoft Partners Internet.com eBook: Web Development Frameworks for Java Internet.com eBook: Developing a Content Management System Strategy Article: Ten Things IT Professionals Should Know About Windows 7 MORE WHITEPAPERS, EBOOKS, AND ARTICLES Webcasts Get Started with .NET Services MORE WEBCASTS, PODCASTS, AND VIDEOS Downloads and eKits Amyuni: PDF & PDF/A Engine for .NET and ActiveX Apps Red Gate Free Trial: SQL Toolbelt Iron Speed Designer Application Generator Download Award-Winning Red Gate SQL Backup Pro MORE DOWNLOADS, EKITS, AND FREE TRIALS Tutorials and Demos Internet.com Hot List: Get the Inside Scoop on the Hottest IT and Developer Products Internet.com Hot List: Java EE 6 Platform Highlights the JavaOne Conference MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES