Squid NTLM Authentication NTLMSSP Packet Remote DoS
Medium Log Correlation Engine Plugin ID 801032
SynopsisThe remote host is vulnerable to a Denial of Service (DoS) attack.
DescriptionThe remote server is running a Squid proxy server. This version is reported vulnerable to a remote denial of service in the NTLM authentication routine. If NTLM authentication is enabled, an attacker may deny service to legitimate users by sending malformed NTLMSSP packets.
SolutionApply the relevant patch from http://www.squid-cache.org/squid/Versions/v2/2.5/bugs/squid-2.5.STABLE6-ntlm_fetch_string.patch