Gentoo Security Advisory GLSA 200403-11 (Squid)
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
The remote host is missing updates announced in advisory GLSA 200403-11.
Insight
Squid versions 2.0 through to 2.5.STABLE4 could allow a remote attacker to bypass Access Control Lists by sending a specially crafted URL request containing '%00'. In such circumstances the url_regex ACL may not properly detect the malicious URL, allowing the attacker to effectively bypass the ACL.
Solution
Squid can be updated as follows:

    # emerge sync
    # emerge -pv '>=www-proxy/squid-2.5.5'
    # emerge '>=www-proxy/squid-2.5.5'

http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200403-11
http://bugs.gentoo.org/show_bug.cgi?id=45273
http://www.squid-cache.org/Advisories/SQUID-2004_1.txt