Mandrake Linux Security Advisory : squid (MDKSA-2004:059)
Critical Nessus Plugin ID 14158
Synopsis
The remote Mandrake Linux host is missing a security update.
Description
A vulnerability exists in squid's NTLM authentication helper. This buffer overflow can be exploited by a remote attacker by sending an overly long password, thus overflowing the buffer and granting the ability to execute arbitrary code. This can only be exploited, however, if NTLM authentication is used. NTLM authentication is built by default in Mandrakelinux packages, but is not enabled in the default configuration.
The vulnerability exists in 2.5.*-STABLE and 3.*-PRE. The provided packages are patched to fix this problem.
Solution
Update the affected squid package.