Executive Summary
| Summary | |
|---|---|
| Title | Updated squid package fixes security vulnerability |
| Informations | |||
|---|---|---|---|
| Name | RHSA-2004:242 | First vendor Publication | 2004-06-09 |
| Vendor | RedHat | Last vendor Modification | 2004-06-09 |
| Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Problem Description: |
Original Source
| Url : https://rhn.redhat.com/errata/RHSA-2004-242.html |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10722 | |||
| Oval ID: | oval:org.mitre.oval:def:10722 | ||
| Title: | Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable). | ||
| Description: | Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable). | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-0541 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:980 | |||
| Oval ID: | oval:org.mitre.oval:def:980 | ||
| Title: | NTLM Authentication BO in Squid Web Proxy Cache | ||
| Description: | Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable). | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-0541 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 2 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200406-13 (squid) File : nvt/glsa_200406_13.nasl |
| 2008-09-04 | Name : FreeBSD Ports: squid File : nvt/freebsd_squid11.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 6791 | Squid ntlm_check_auth Function NTLM Authentication Helper Password Handling R... A remote overflow exists in the Squid Internet Object Cache server. Squid fails to correctly test the length of the user-supplied LanMan Hash value in the ntlm_check_auth() function resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can execute arbitrary code on the system with the privileges the Squid process is running under. This flaw can only be exploited if Squid was compiled with the NTLM authentication helper enabled. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Squid HTTP Proxy-Authorization overflow attempt RuleID : 12362 - Revision : 13 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-04-23 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_6f955451ba5411d8b88c000d610a3b12.nasl - Type : ACT_GATHER_INFO |
| 2004-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200406-13.nasl - Type : ACT_GATHER_INFO |
| 2004-07-31 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2004-059.nasl - Type : ACT_GATHER_INFO |
| 2004-07-25 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2004_016.nasl - Type : ACT_GATHER_INFO |
| 2004-07-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-163.nasl - Type : ACT_GATHER_INFO |
| 2004-07-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-164.nasl - Type : ACT_GATHER_INFO |
| 2004-07-06 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2004-242.nasl - Type : ACT_GATHER_INFO |
| 2004-06-30 | Name : The remote service is affected by a remote code execution vulnerability. File : squid_ntlm.nasl - Type : ACT_MIXED_ATTACK |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:48:31 |
|
