Squid Multiple Remote Code Execution Vulnerabilities

Release date: 2002-07-03
Updated: 2002-07-08

Affected systems:

National Science Foundation Squid Web Proxy 2.4STABLE6
National Science Foundation Squid Web Proxy 2.4STABLE4
National Science Foundation Squid Web Proxy 2.4STABLE3
National Science Foundation Squid Web Proxy 2.4STABLE2
National Science Foundation Squid Web Proxy 2.4STABLE1
National Science Foundation Squid Web Proxy 2.4PRE-STABLE2
National Science Foundation Squid Web Proxy 2.4PRE-STABLE
National Science Foundation Squid Web Proxy 2.4DEVEL4
National Science Foundation Squid Web Proxy 2.4DEVEL2
National Science Foundation Squid Web Proxy 2.4
National Science Foundation Squid Web Proxy 2.3STABLE5
National Science Foundation Squid Web Proxy 2.3STABLE4
National Science Foundation Squid Web Proxy 2.3STABLE3
National Science Foundation Squid Web Proxy 2.3STABLE2
National Science Foundation Squid Web Proxy 2.3.1
National Science Foundation Squid Web Proxy 2.3
National Science Foundation Squid Web Proxy 2.2STABLE5
National Science Foundation Squid Web Proxy 2.2
National Science Foundation Squid Web Proxy 2.1
National Science Foundation Squid Web Proxy 2.0
    - Linux systems
    - Unix systems

Unaffected systems:

National Science Foundation Squid Web Proxy 2.4STABLE7

Description:

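BUGTRAQ ID: 5153

Squid is a free, open-source web proxy that runs on Unix, Linux and Microsoft Windows operating systems.

Squid contains multiple vulnerabilities that a remote attacker can exploit to execute arbitrary code on the system with the privileges of the Squid process.

No further technical details are available.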

<*Source: Henrik Nordstrom (hno@squid-cache.org)

  Links: http://archives.neohapsis.com/archives/bugtraq/2002-07/0036.html
         http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000506
         https://www.redhat.com/support/errata/RHSA-2002-051.html
*>

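Recommendations:

Workaround:

If you cannot install the patch or upgrade immediately, NSFOCUS recommends taking the following measures to reduce the threat:

* No suitable workaround is currently available.

Vendor patches: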

Conectiva
---------
Conectiva has released a security advisory (CLA-2002:506) and corresponding patches for this issue:
CLA-2002:506:squid
Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000506

Patch downloads:

ftp://atualizacoes.conectiva.com.br/6.0/RPMS/squid-2.4.7-1U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/squid-2.4.7-1U60_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/squid-2.4.7-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/squid-auth-2.4.7-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/squid-doc-2.4.7-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/squid-templates-2.4.7-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/squid-2.4.7-1U70_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/squid-2.4.7-1U8_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/squid-auth-2.4.7-1U8_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/squid-doc-2.4.7-1U8_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/squid-templates-2.4.7-1U8_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/squid-2.4.7-1U8_3cl.src.rpm

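Users of Conectiva Linux version 6.0 and later can use apt to update the RPM packages:

- Add the following line to the /etc/apt/sources.list file:

rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates

(If you are not using version 6.0, replace 6.0 above with the appropriate version number)

- Run: apt-get update
- After the update, run: apt-get upgrade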

National Science Foundation
---------------------------
The vendor has released an upgrade that fixes this security issue; download it from the vendor's site:

National Science Foundation Upgrade squid-2.4.STABLE7-src.tar.gz
ftp://ftp.squid-cache.org/pub/squid-2/STABLE/squid-2.4.STABLE7-src.tar.gz

RedHat
------
RedHat has released a security advisory (RHSA-2002:051-16) and corresponding patches for this issue:
RHSA-2002:051-16:New Squid packages available
Link: https://www.redhat.com/support/errata/RHSA-2002-051.html

Patch downloads:

Red Hat Linux 6.2:

SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/squid-2.4.STABLE6-6.6.2.src.rpm

alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/squid-2.4.STABLE6-6.6.2.alpha.rpm

i386:
ftp://updates.redhat.com/6.2/en/os/i386/squid-2.4.STABLE6-6.6.2.i386.rpm

sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/squid-2.4.STABLE6-6.6.2.sparc.rpm

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/squid-2.4.STABLE6-6.7.0.src.rpm

alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/squid-2.4.STABLE6-6.7.0.alpha.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/squid-2.4.STABLE6-6.7.0.i386.rpm

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/squid-2.4.STABLE6-6.7.1.src.rpm

alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/squid-2.4.STABLE6-6.7.1.alpha.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/squid-2.4.STABLE6-6.7.1.i386.rpm

ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/squid-2.4.STABLE6-6.7.1.ia64.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/squid-2.4.STABLE6-6.7.3.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/squid-2.4.STABLE6-6.7.3.i386.rpm

ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/squid-2.4.STABLE6-6.7.3.ia64.rpm

Red Hat Linux 7.3:

SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/squid-2.4.STABLE6-6.7.3.src.rpm

i386:
ftp://updates.redhat.com/7.3/en/os/i386/squid-2.4.STABLE6-6.7.3.i386.rpm

The patches can be installed with the following command:

rpm -Fvh [filename]



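This vulnerability advisory was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.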