Squid FTP Proxy Data Channel Vulnerabilities

Solution:
Sanity checks have been introduced into Squid as a default configuration option. The checks will prevent any attempt to carry out these attacks. If support for different control/data addresses is required, disabling the ftp_sanitycheck directive will remove the sanity checking.

FreeBSD has released a Security Notice FreeBSD-SN-02:05. Users of FreeBSD systems are strongly urged to upgrade their ports tree to fix various reported issues. Further information can be found in the referenced Security Notice.

Updated packages are available.


National Science Foundation Squid Web Proxy 2.2

National Science Foundation Squid Web Proxy 2.2 STABLE5

National Science Foundation Squid Web Proxy 2.3 STABLE3

National Science Foundation Squid Web Proxy 2.3 STABLE4

National Science Foundation Squid Web Proxy 2.3

National Science Foundation Squid Web Proxy 2.3 STABLE5

National Science Foundation Squid Web Proxy 2.3 STABLE2

National Science Foundation Squid Web Proxy 2.3 STABLE4-11

National Science Foundation Squid Web Proxy 2.3.1

National Science Foundation Squid Web Proxy 2.4 STABLE2-3

National Science Foundation Squid Web Proxy 2.4 STABLE4

National Science Foundation Squid Web Proxy 2.4 STABLE6

National Science Foundation Squid Web Proxy 2.4 STABLE2

National Science Foundation Squid Web Proxy 2.4 PRE-STABLE

National Science Foundation Squid Web Proxy 2.4 STABLE2-2

National Science Foundation Squid Web Proxy 2.4 STABLE3

National Science Foundation Squid Web Proxy 2.4 DEVEL4

National Science Foundation Squid Web Proxy 2.4 DEVEL2

National Science Foundation Squid Web Proxy 2.4

National Science Foundation Squid Web Proxy 2.4 PRE-STABLE2

National Science Foundation Squid Web Proxy 2.4 STABLE1


 

Privacy Statement
Copyright 2010, SecurityFocus