This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing a security update.
An updated squid package that fixes a security vulnerability in the
NTLM authentication helper is now available.
Squid is a full-featured Web proxy cache.
An out of bounds memory read bug was found within the NTLM
authentication helper routine. If Squid is configured to use the NTLM
authentication helper, a remote attacker could send a carefully
crafted NTLM authentication packet and cause Squid to crash. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0832 to this issue.
Note: The NTLM authentication helper is not enabled by default in Red
Hat Enterprise Linux 3. Red Hat Enterprise Linux 2.1 is not vulnerable
to this issue as it shipped with a version of Squid which did not
contain the vulnerable helper.
Users of Squid should update to this erratum package, which contains a
backported patch and is not vulnerable to this issue.
See also :
Update the affected squid package.
Risk factor :
Medium / CVSS Base Score : 5.0
Family: Red Hat Local Security Checks
Nessus Plugin ID: 15410 ()
CVE ID: CVE-2004-0832
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.