| VID |
22269 |
| Severity |
40 |
| Port |
3128,8080 |
| Protocol |
TCP |
| Class |
Webproxy |
| Detailed Description |
The Squid caching proxy, according to its version number, is vulnerable to a NTLM authentication buffer overflow vulnerability.
Squid is a freely available Web Proxy server for Linux distributions. Squid Web Proxy Cache versions 2.5-STABLE and 3-PRE are vulnerable to a buffer overflow vulnerability when processing NTLM authentication credentials. This flaw is due to a failure of the application to properly validate buffer boundaries when copying user-supplied input. A remote attacker can compromise a target system if Squid Proxy is configured to use the NTLM authentication helper. The attacker can send an overly long password ("pass" variable) to overflow the buffer and execute arbitrary code on the system.
* Note: This check solely relied on the version number of the remote Squid caching proxy server to assess this vulnerability, so this might be a false positive.
* References:
http://www.ciac.org/ciac/bulletins/o-168.shtml
http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0191.html
* Platforms Affected:
National Science Foundation, Squid Web Proxy Cache 2.5-STABLE
National Science Foundation, Squid Web Proxy Cache 3-PRE
Linux Any version
Unix Any version |
| Recommendation |
For Squid Web Proxy Cache 2.5-STABLE:
Apply the patch for this vulnerability, as listed in official Squid-2.5 Patches site at http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE5-ntlm_auth_overflow.patch
For Red Hat Linux:
Upgrade to the latest squid package, as listed in Red Hat Security Advisory RHSA-2004:242-06 at https://rhn.redhat.com/errata/RHSA-2004-242.html
For SuSE Linux:
Upgrade to the latest squid package, as listed in SuSE Security Announcement SuSE-SA:2004:016 at http://www.suse.de/de/security/2004_16_squid.html
For Mandrake Linux:
Upgrade to the latest squid package, as listed in MandrakeSoft Security Advisory MDKSA-2004:059 at http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:059
For Trustix Secure Linux:
Upgrade to the latest squid package, as listed in Trustix Secure Linux Security Advisory #2004-0033 at http://www.linuxsecurity.com/advisories/trustix_advisory-4447.html
For Gentoo Linux:
Upgrade to the latest version of squid (2.5.5-r2 or later), as listed in Gentoo Linux Security Advisory GLSA 200406-13 at http://www.linuxsecurity.com/advisories/gentoo_advisory-4476.html
For other distributions:
Contact your vendor for upgrade or patch information. |
| Related URL |
CVE-2004-0541 (CVE) |
| Related URL |
10500 (SecurityFocus) |
| Related URL |
16360 (ISS) |
|
