Squid NTLM Component fakeauth Multiple Remote DoS

This script is Copyright (C) 2005-2011 Tenable Network Security, Inc.


Synopsis :

The remote service is vulnerable to a denial of service.

Description :

The remote SQUID server, an open source Proxy server, is vulnerable
to a Denial of Service in the fakeauth NTLM authentication module.

Exploitation of this bug can allow remote attackers to deny access to
legitimate users.

Squid 2.5*-STABLE are reported vulnerable.

See also :

http://www.nessus.org/u?af6b5d37

Solution :

Apply the relevant patch from
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-fakeauth_auth.patch

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:ND)
Public Exploit Available : false

Family: Firewalls

Nessus Plugin ID: 16163 ()

Bugtraq ID: 12220
12324

CVE ID: CVE-2005-0096
CVE-2005-0097