Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0832

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-0832
Last Modified 21 Aug 2010 12:21:21
Published 03 Nov 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0832

Summary

The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy.

Vulnerable Systems

Application

  • Squid 2.5.6


References

XF - squid-ntlmssp-dos(17218)

TRUSTIX - 2004-0047

BID - 11098

GENTOO - GLSA-200409-04

CONFIRM - http://www1.uk.squid-cache.org/squid/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-ntlm_fetch_string

CONFIRM - http://www.squid-cache.org/bugs/show_bug.cgi?id=1045

MANDRAKE - MDKSA-2004:093

FEDORA - FLSA-2006:152809


Last Updated: 27 May 2016 10:38:46