Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Red Hat 6.0 Advisory RHSA-1999:025-01 Critical: Squid Remote Access Risk

red hat
Calendar Grey December 7, 1999
Dist Redhat Esm H88
Uncover vulnerabilities associated with squid's cachemgr.cgi and guidelines to fortify your Red Hat environment against unauthorized external access.
cachemgr.cgi, the manager interface to Squid, is installed by default in /home/httpd/cgi-bin

Solution



For each RPM for your particular architecture, run:


rpm -Uvh filename


where filename is the name of the RPM.


Alternatively, you can simply disable the cachemgr.cgi,

by editing your http daemons access control files or

deleting/moving the cachemgr.cgi binary.


After installing the rpm, please restart squid by typing:


/etc/rc.d/init.d/squid restart



9. Verification:


MD5 sum Package Name


80d527634fc8d8d2029532a628b3d924 squid-2.2.STABLE4-5.i386.rpm

65d18747148d7e3dae4249fe65c18c6b squid-2.2.STABLE4-5.alpha.rpm

734f84b949752fe39b5e58555210ff51 squid-2.2.STABLE4-5.sparc.rpm

02a93b0b1985f8d5c77eb8f3e8981eeb squid-2.2.STABLE4-5.src.rpm






These packages are also PGP signed by Red Hat Inc. for security. Our

key is available at:




You can verify each package with the following command:

rpm --checksig


If you only wish to verify that each package has not been corrupted o

tampered with, examine only the md5sum with the following command:

rpm --checksig --nopgp

Summary

References


Package List


Severity
critical
Lowest
Low
Medium
High
Critical

Topic

Relevant Releases Architectures

Red Hat Linux 6.0, all architectures

4. Obsoleted by:

None

5. Conflicts with:

None

6. RPMs required:

Intel:

squid-

2.2.STABLE4-5.i386.rpm

Alpha:

squid-2.2.STABLE4-5.alpha.rpm

SPARC:

squid-2.2.STABLE4-5.sparc.rpm

Source:

squid-

2.2.STABLE4-5.src.rpm

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here