Squid Crafted NTLM Authentication Header DoS

medium Nessus Plugin ID 20010

Synopsis

The remote web proxy server is prone to denial of service attacks.

Description

The version of Squid, an open source web proxy cache, installed on the remote host will abort if it receives a specially crafted NTLM challenge packet. A remote attacker can exploit this issue to stop the affected application, thereby denying access to legitimate users.

Solution

Apply the patch referenced in the bug report or upgrade to Squid 2.5.STABLE11 or later.

See Also

http://www.nessus.org/u?133a8605

Plugin Details

Severity: Medium

ID: 20010

File Name: squid_ntlm_dos.nasl

Version: 1.21

Type: remote

Family: Firewalls

Published: 10/12/2005

Updated: 4/24/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2005-2917

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:squid-cache:squid

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 9/13/2005

Reference Information

CVE: CVE-2005-2917

BID: 14977