Press CTRL-D to bookmark us
Welcome Guest Login / Register / Members
Search in  
Top Submit newsSubscribe
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
 

 Sponsored links

Want to become one of our authors and see your work published on ALLSeek.iNFO ?
 
 Squid ACLs May Be Confusing When Empty Lists are Declared
Categorie: Vulnerability
Posted: 2004-12-27 by ReCall
Views: 531
Source: Click here
 		Current Rating: Not rated
Poor Best
 Details
Description: A security issue was reported in the Squid proxy caching server. An administrator may be confused about the meaning of access controls in certain cases.

If any empty access control lists are declared, the system may implement an access control configuration that the administrator does not expect.

For example, the following lines will be parsed as "http_access allow somewhere":

acl something src "/path/to/empty_file.txt"
http_access allow something somewhere

The vendor has classified this as having "minor security" severity.

Impact: An administrator may be confused about the meaning of the implemented access controls when empty lists are defined.

Solution: A patch is available at:

http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch
 
Syndication
Permalink Email this

The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=1254

User comments (post your comments here)

Only registerd members can post comments and articles
 
Previous articleBack to news listNext article
 


InterJOB.su
Bookmark us | Set As Homepage | Advertising | Contact Us | Recomend us | Link us | Links | Terms

SpyLOG Page Rank Checker
LAST QUERIES