Squid < 2.5.STABLE6 NTLM Buffer Overflow

critical Nessus Network Monitor Plugin ID 2185

Synopsis

The remote proxy server is affected by a buffer overflow.

Description

The remote host is running a version of the Squid proxy server that is reported to be vulnerable to a remote buffer overflow in its NTLM authentication routine. If a client sends an overly long password or domain name, a buffer on the server overflows, which may result in the execution of arbitrary code on the Squid proxy server.

Solution

Upgrade to Squid version 2.5.STABLE6 or later, or apply the vendor-supplied patch.
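
The following is an added example, not Tenable's plugin logic or code from this page: it applies the 2.5.STABLE6 threshold above to Squid banners seen in HTTP response headers. The header samples are constructed, and the function names and result labels are assumptions made for illustration.

```python
import re

# Threshold from this page: the issue is fixed in 2.5.STABLE6.
# Tuple layout: (major, minor, stage rank, stage number).
FIXED = (2, 5, 1, 6)

# Release stages in the Squid 2.x naming scheme, oldest first.
STAGE_RANK = {"PRE": 0, "STABLE": 1}

BANNER_RE = re.compile(r"squid/(\d+)\.(\d+)\.(PRE|STABLE)(\d+)", re.IGNORECASE)


def parse_squid_version(header_line):
    """Return a comparable tuple for a Squid 2.x banner, or None if absent."""
    m = BANNER_RE.search(header_line)
    if not m:
        return None
    major, minor, stage, num = m.groups()
    return (int(major), int(minor), STAGE_RANK[stage.upper()], int(num))


def triage(header_line):
    """Classify one Server/Via header line against the fixed version."""
    version = parse_squid_version(header_line)
    if version is None:
        # Banner suppressed, not Squid, or a naming scheme not handled here.
        return "unknown"
    # Numeric tuple comparison, so STABLE10 sorts after STABLE6.
    if version < FIXED:
        # The banner alone cannot show whether the vendor patch was applied.
        return "below-fixed-version"
    return "fixed-version-or-later"


# Constructed sample header lines (not captured from a real host).
SAMPLE_HEADERS = [
    "Server: squid/2.5.STABLE5",
    "Via: 1.0 proxy.example.test:3128 (squid/2.5.STABLE6)",
    "Server: squid/2.5.STABLE10",
    "Server: squid/2.5.PRE13",
    "Server: squid",
]

if __name__ == "__main__":
    for line in SAMPLE_HEADERS:
        print(f"{triage(line):24} {line}")
```

A "below-fixed-version" result is a prompt to confirm the installed package and patch level on the host, since a build carrying the vendor-supplied patch can still report the older version string.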

See Also

http://www.redhat.com/archives/fedora-announce-list/2004-June/msg00013.html

http://www.squid-cache.org

http://www.squid-cache.org/Versions/v2/2.5/bugs

Plugin Details

Severity: Critical

ID: 2185

Family: Web Servers

Published: 8/30/2004

Updated: 3/6/2019

Nessus ID: 12294

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:squid-cache:squid

Patch Publication Date: 6/9/2004

Vulnerability Publication Date: 6/9/2004

Exploitable With

Metasploit (Squid NTLM Authenticate Overflow)

Reference Information

CVE: CVE-2004-0541

BID: 10500