FreeBSD : Buffer overflow in Squid NTLM authentication helper (6f955451-ba54-11d8-b88c-000d610a3b12)

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Remote exploitation of a buffer overflow vulnerability in the NTLM
authentication helper routine of the Squid Web Proxy Cache could allow
a remote attacker to execute arbitrary code. A remote attacker can
compromise a target system if the Squid Proxy is configured to use the
NTLM authentication helper. The attacker can send an overly long
password to overflow the buffer and execute arbitrary code.

See also :

http://www.nessus.org/u?f742b61a
http://bugs.squid-cache.org/show_bug.cgi?id=998
http://www.nessus.org/u?e8972e2d

Solution :

Update the affected package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 36518 (freebsd_pkg_6f955451ba5411d8b88c000d610a3b12.nasl)

Bugtraq ID: 10500

CVE ID: CVE-2004-0541
