Mandrake Linux Security Advisory : squid (MDKSA-2004:059)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

A buffer overflow vulnerability exists in squid's NTLM authentication
helper. A remote attacker can exploit it by sending an overly long
password, overflowing the buffer and gaining the ability to execute
arbitrary code. This can only be exploited, however, if NTLM
authentication is used. NTLM authentication is built by default in
Mandrakelinux packages, but is not enabled in the default
configuration.

The vulnerability exists in 2.5.*-STABLE and 3.*-PRE. The provided
packages are patched to fix this problem.

See also :

http://www.nessus.org/u?f742b61a

Solution :

Update the affected squid package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 14158 (mandrake_MDKSA-2004-059.nasl)

Bugtraq ID:

CVE ID: CVE-2004-0541
