Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0541

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0541
Last Modified 21 Aug 2010 12:20:43
Published 06 Aug 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0541

Summary

Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable).

Vulnerable Systems

Application

  • National Science Foundation Squid Web Proxy Cache 2.5 Stable

  • National Science Foundation Squid Web Proxy Cache 3 Pre


References

XF - squid-ntlm-bo(16360)

REDHAT - RHSA-2004:242

MISC - http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities

GENTOO - GLSA-200406-13

TRUSTIX - 2004-0033

SGI - 20040604-01-U

BID - 10500

FEDORA - FLSA-2006:152809


Last Updated: 27 May 2016 10:38:38