Squid代理DNS查询失败随机错误消息的信息泄露漏洞-一一网

Squid代理DNS查询失败随机错误消息的信息泄露漏洞

4年前更新

1970

漏洞信息详情

Squid代理DNS查询失败随机错误消息的信息泄露漏洞

CNNVD编号：CNNVD-200412-1176

危害等级：中危
CVE编号：
CVE-2004-2479
漏洞类型：

设计错误
发布时间：

2004-12-31
威胁类型：

远程
更新时间：

2005-10-20
厂商：

national_science_foundation
漏洞来源：
Discovery is credi…

漏洞简介

Squid Web Proxy Cache 2.5存在漏洞。远程攻击者借助包含导致DNS操作失败
无效主机名的URLs获得敏感信息，该漏洞导致引用以前使用的错误信息。

漏洞公告

Please see the referenced vendor advisories for more information and fixes.

Squid Web Proxy Cache 2.5 .STABLE6

Squid squid-2.5.STABLE7-dothost.patch

http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-doth
ost.patch

Squid Web Proxy Cache 2.5 .STABLE4

Squid squid-2.5.STABLE7-dothost.patch

http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-doth
ost.patch

Squid Web Proxy Cache 2.5 .STABLE1

RedHat squid-2.5.STABLE1-9.10.legacy.i386.rpmRed Hat Linux 9:

http://download.fedoralegacy.org/redhat/9/updates/i386/squid-2.5.STABL
E1-9.10.legacy.i386.rpm
Squid squid-2.5.STABLE7-dothost.patch

http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-doth
ost.patch

Squid Web Proxy Cache 2.5 .STABLE3

RedHat squid-2.5.STABLE3-2.fc1.6.legacy.i386.rpmFedora Core 1:

http://download.fedoralegacy.org/fedora/1/updates/i386/squid-2.5.STABL
E3-2.fc1.6.legacy.i386.rpm
Squid squid-2.5.STABLE7-dothost.patch

http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-doth
ost.patch

Squid Web Proxy Cache 2.5 .STABLE7

Squid squid-2.5.STABLE7-dothost.patch

http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-doth
ost.patch

Squid Web Proxy Cache 2.5 .STABLE5

RedHat squid-2.5.STABLE9-1.FC2.4.legacy.i386.rpmFedora Core 2:

http://download.fedoralegacy.org/fedora/2/updates/i386/squid-2.5.STABL
E9-1.FC2.4.legacy.i386.rpm
Squid squid-2.5.STABLE7-dothost.patch

http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-doth
ost.patch

参考网址

来源: XF
名称: squid-hostname-obtain-info(18406)
链接:http://xforce.iss.net/xforce/xfdb/18406

来源: www.squid-cache.org
链接:http://www.squid-cache.org/bugs/show_bug.cgi?id=1143

来源: BID
名称: 11865
链接:http://www.securityfocus.com/bid/11865

来源: SECTRACK
名称: 1012466
链接:http://securitytracker.com/id?1012466

来源: SECUNIA
名称: 13408
链接:http://secunia.com/advisories/13408

来源: OSVDB
名称: 12282
链接:http://www.osvdb.org/12282

来源: OVAL
名称: oval:org.mitre.oval:def:9711
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9711

来源: REDHAT
名称: RHSA-2005:766
链接:http://www.redhat.com/support/errata/RHSA-2005-766.html

来源: SECUNIA
名称: 16977
链接:http://secunia.com/advisories/16977

来源: FEDORA
名称: FLSA-2006:152809
链接:http://fedoranews.org/updates/FEDORA–.shtml

受影响实体

National_science_foundation Squid_web_proxy_cache:2.5_stable7
National_science_foundation Squid_web_proxy_cache:2.5_stable6
National_science_foundation Squid_web_proxy_cache:2.5_stable5
National_science_foundation Squid_web_proxy_cache:2.5_stable4
National_science_foundation Squid_web_proxy_cache:2.5_stable3

© 版权声明

文章版权归作者所有，未经允许请勿转载。

THE END

喜欢就支持一下吧

相关推荐