Squid < 2.5.STABLE6 NTLM Buffer Overflow

Critical Nessus Network Monitor Plugin ID 2185

Synopsis

The remote proxy server is affected by a buffer overflow.

Description

The remote server is running a Squid proxy server. This version is reported to be vulnerable to a remote buffer overflow in the NTLM authentication routine. If a client sends an overly long password or domain name, a buffer on the server overflows, which may result in the execution of arbitrary code on the Squid proxy server.

Solution

Upgrade to Squid version 2.5.STABLE6 or later, or apply the vendor-supplied patch.
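
The version comparison behind this advice, as an added example (not Tenable's plugin logic and not Squid project code): it classifies a Squid banner taken from a `Server` or `Via` header against 2.5.STABLE6. The header samples are constructed, the ordering of pre-release tags is an assumption, and a banner cannot show a backported vendor patch, so a flagged host still needs confirmation at the package level.

```python
import re

# First fixed release, per the Solution section: 2.5.STABLE6.
FIXED_SERIES = (2, 5)
FIXED_BUILD = (3, 6)  # (rank of "STABLE", release number)

# Assumed ordering of release tags within one major.minor series.
TAG_RANK = {"DEVEL": 0, "PRE": 1, "RC": 2, "STABLE": 3}

# Matches squid/2.5.STABLE5, squid/2.5.PRE13, squid/3.1.20, squid/2.5
BANNER = re.compile(r"squid/(\d+)\.(\d+)(?:\.([A-Za-z]*)(\d+))?", re.IGNORECASE)


def classify(header_line):
    """Return 'flagged', 'ok' or 'unknown' for one HTTP header line."""
    m = BANNER.search(header_line)
    if not m:
        return "unknown"  # not a Squid banner
    series = (int(m.group(1)), int(m.group(2)))
    if series != FIXED_SERIES:
        # A different series is decided by major.minor alone.
        return "flagged" if series < FIXED_SERIES else "ok"
    if m.group(4) is None:
        return "unknown"  # "squid/2.5" is too coarse to decide
    rank = TAG_RANK.get(m.group(3).upper() or "STABLE")
    if rank is None:
        return "unknown"  # unrecognised release tag
    return "flagged" if (rank, int(m.group(4))) < FIXED_BUILD else "ok"


# Constructed sample headers, not captured traffic.
SAMPLES = [
    "Server: squid/2.5.STABLE5",
    "Via: 1.0 proxy.example.test:3128 (squid/2.5.STABLE6)",
    "Server: squid/2.5.PRE13",
    "Server: squid/2.4.STABLE7",
    "Server: squid/3.1.20",
    "Server: squid/2.5",
    "Server: Apache/2.4.57",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{classify(line):8} {line}")
```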

See Also

http://www.redhat.com/archives/fedora-announce-list/2004-June/msg00013.html

http://www.squid-cache.org

http://www.squid-cache.org/Versions/v2/2.5/bugs

Plugin Details

Severity: Critical

ID: 2185

File Name: 2185.prm

Family: Web Servers

Published: 2004/08/30

Modified: 2016/01/19

Dependencies: 3389

Nessus ID: 12294

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:squid-cache:squid

Patch Publication Date: 2004/06/09

Vulnerability Publication Date: 2004/06/09

Exploitable With

Metasploit (Squid NTLM Authenticate Overflow)

Reference Information

CVE: CVE-2004-0541

BID: 10500