| Field | Value |
| --- | --- |
| VID | 22312 |
| Severity | 20 |
| Port | 8080, 3128 |
| Protocol | TCP |
| Class | Webproxy |
| Detailed Description | The Squid Web Proxy Cache server, according to its version number, has a denial of service vulnerability in the fakeauth NTLM authentication module. Squid is a freely available web proxy server for Linux and Unix distributions. Squid Web Proxy Cache versions 2.5.STABLE0 through 2.5.STABLE7 are vulnerable to a denial of service attack caused by a memory leak in the NTLM fakeauth_auth helper. A remote attacker can send a specially crafted NTLM type 3 message to cause a segmentation fault, which causes the affected Squid application to deny access to legitimate users.<br>Note: This check relies solely on the version number of the remote Squid Web Proxy Cache server to assess this vulnerability, so the finding might be a false positive.<br>References: http://www.squid-cache.org/bugs/show_bug.cgi?id=1183, http://www.securitytracker.com/alerts/2005/Jan/1012818.html, http://www.squid-cache.org<br>Platforms Affected: National Science Foundation, Squid Web Proxy Cache 2.5; Linux, any version; Unix, any version |
| Recommendation | Apply the squid-2.5.STABLE7-fakeauth_auth patch, available from the Squid Web Proxy Cache web site at http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-fakeauth_auth.patch |
| Related URL | CVE-2005-0097 (CVE) |
| Related URL | 12220 (SecurityFocus) |
| Related URL | 18818 (ISS) |