Press CTRL-D to bookmark us
Welcome Guest Login / Register / Members
Search in  
Top Submit newsSubscribe
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
 

 Sponsored links

Want to become one of our authors and see your work published on ALLSeek.iNFO ?
 
 Squid May Disclose Random Internal Information to Remote Users
Categorie: Vulnerability
Posted: 2004-12-11 by ReCall
Views: 492
Source: Click here
 		Current Rating: Not rated
Poor Best
 Details
Description: A vulnerability was reported in Squid. A remote user may be able to obtain random internal information from the target server.

Artur Szostak reported that a remote user can submit a sequence of malformed hostnames to trigger failed DNS lookups to cause the target Squid server to return random data as error messages. The random data may contain data from other requests.

A demonstration exploit request is provided:

http://./.gz/

Impact: A remote user may be able to obtain random internal information from the target server.

Solution: A patch is available at:

http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-dothost.patch
 
Syndication
Permalink Email this

The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=1192

User comments (post your comments here)

Only registerd members can post comments and articles
 
Previous articleBack to news listNext article
 


InterJOB.su
Bookmark us | Set As Homepage | Advertising | Contact Us | Recomend us | Link us | Links | Terms

SpyLOG Page Rank Checker
LAST QUERIES