Squid NTLM Component fakeauth Multiple Remote DoS

Medium Nessus Plugin ID 16163


The remote service is vulnerable to a denial of service.


The remote SQUID server, an open source Proxy server, is vulnerable to a Denial of Service in the fakeauth NTLM authentication module.

Exploitation of this bug can allow remote attackers to deny access to legitimate users.

Squid 2.5*-STABLE are reported vulnerable.


Apply the relevant patch from http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-fakeauth_auth.patch

See Also


Plugin Details

Severity: Medium

ID: 16163

File Name: squid_ntlm_fakeauth.nasl

Version: $Revision: 1.18 $

Type: remote

Family: Firewalls

Published: 2005/01/13

Modified: 2016/12/14

Dependencies: 10195

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/a:squid-cache:squid

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2005/01/08

Reference Information

CVE: CVE-2005-0096, CVE-2005-0097

BID: 12220, 12324

OSVDB: 12816, 13114