Squid Remote NTLM Authentication Password Handling Remote Overflow

High Log Correlation Engine Plugin ID 801046

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote server is running a Squid proxy server. This version is reported vulnerable to a remote buffer overflow in the NTLM authentication routine. Exploitation of this vulnerability can allow remote attackers to gain access to confidential data.

Solution

Upgrade or patch according to vendor recommendations.

See Also

labs.idefense.com/intelligence/vulnerabilities/display.php?id=107

http://.squid-cache.org

Plugin Details

Severity: High

ID: 801046

File Name: 801046.prm

Family: Web Servers

Nessus ID: 12294

Risk Information

Risk Factor: High

CVSSv2

Base Score: 2.1

Temporal Score: 1.7

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Exploitable With

Metasploit (Squid NTLM Authenticate Overflow)

Reference Information

CVE: CVE-2004-0541

BID: 10500