Mandrake Linux Security Advisory : squid (MDKSA-2004:059)

Critical Nessus Plugin ID 14158


The remote Mandrake Linux host is missing a security update.


A vulnerability exists in squid's NTLM authentication helper. This buffer overflow can be exploited by a remote attacker by sending an overly long password, thus overflowing the buffer and granting the ability to execute arbitrary code. This can only be exploited, however, if NTLM authentication is used. NTLM authentication is built by default in Mandrakelinux packages, but is not enabled in the default configuration.

The vulnerability exists in 2.5.*-STABLE and 3.*-PRE. The provided packages are patched to fix this problem.


Update the affected squid package.

See Also

Plugin Details

Severity: Critical

ID: 14158

File Name: mandrake_MDKSA-2004-059.nasl

Version: $Revision: 1.18 $

Type: local

Published: 2004/07/31

Modified: 2013/06/02

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:squid, cpe:/o:mandrakesoft:mandrake_linux:10.0, cpe:/o:mandrakesoft:mandrake_linux:9.1, cpe:/o:mandrakesoft:mandrake_linux:9.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2004/06/09

Exploitable With

Metasploit (Squid NTLM Authenticate Overflow)

Reference Information

CVE: CVE-2004-0541

MDKSA: 2004:059