FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Buffer overflow in Squid NTLM authentication helper

Affected packages
squid < 2.5.5_9

Details

VuXML ID 6f955451-ba54-11d8-b88c-000d610a3b12
Discovery 2004-05-20
Entry 2004-06-09

Remote exploitation of a buffer overflow vulnerability in the NTLM authentication helper routine of the Squid Web Proxy Cache could allow a remote attacker to execute arbitrary code. A remote attacker can compromise a target system if the Squid Proxy is configured to use the NTLM authentication helper. The attacker can send an overly long password to overflow the buffer and execute arbitrary code.

References

Bugtraq ID 10500
CVE Name CVE-2004-0541
URL http://secunia.com/advisories/11804
URL http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities&flashstatus=false
URL http://www.osvdb.org/6791
URL http://www.squid-cache.org/bugs/show_bug.cgi?id=998

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.