Squid ntlm_check_auth Function NTLM Authentication Helper Password Handling Remote Overflow

Nessus Plugin ID 12294 (Severity: Critical)

Synopsis

The remote service is affected by a remote code execution vulnerability.

Description

The remote server is affected by a remote code execution vulnerability in the Squid Internet Object Cache server due to a failure to test the length of the user-supplied LanMan hash value in the ntlm_check_auth() function in libntlmssp.c. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause a stack-based buffer overflow, resulting in the execution of arbitrary code.

Note that Squid 2.5*-STABLE and 3.*-PRE are reportedly vulnerable.

Solution

Apply the relevant patch or upgrade to the latest version.

See Also

http://www.nessus.org/u?7990c203

Plugin Details

Severity: Critical

ID: 12294

File Name: squid_ntlm.nasl

Version: 1.29

Type: remote

Family: Firewalls

Published: 6/30/2004

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2004-0541

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:squid-cache:squid

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/7/2004

Vulnerability Publication Date: 6/9/2004

Exploitable With

Metasploit (Squid NTLM Authenticate Overflow)

Reference Information

CVE: CVE-2004-0541

BID: 10500