Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2004-059.NASL
HistoryJul 31, 2004 - 12:00 a.m.

Mandrake Linux Security Advisory : squid (MDKSA-2004:059)

2004-07-3100:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com
10
JSON

A vulnerability exists in squid’s NTLM authentication helper. This buffer overflow can be exploited by a remote attacker by sending an overly long password, thus overflowing the buffer and granting the ability to execute arbitrary code. This can only be exploited, however, if NTLM authentication is used. NTLM authentication is built by default in Mandrakelinux packages, but is not enabled in the default configuration.

The vulnerability exists in 2.5.-STABLE and 3.-PRE. The provided packages are patched to fix this problem.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2004:059. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(14158);
  script_version("1.21");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2004-0541");
  script_xref(name:"MDKSA", value:"2004:059");

  script_name(english:"Mandrake Linux Security Advisory : squid (MDKSA-2004:059)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Mandrake Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A vulnerability exists in squid's NTLM authentication helper. This
buffer overflow can be exploited by a remote attacker by sending an
overly long password, thus overflowing the buffer and granting the
ability to execute arbitrary code. This can only be exploited,
however, if NTLM authentication is used. NTLM authentication is built
by default in Mandrakelinux packages, but is not enabled in the
default configuration.

The vulnerability exists in 2.5.*-STABLE and 3.*-PRE. The provided
packages are patched to fix this problem."
  );
  # http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f742b61a"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected squid package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Squid NTLM Authenticate Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:squid");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/06/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK10.0", reference:"squid-2.5.STABLE4-1.2.100mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"squid-2.5.STABLE1-7.2.91mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK9.2", reference:"squid-2.5.STABLE3-3.2.92mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxsquidp-cpe:/a:mandriva:linux:squid
mandrakesoftmandrake_linux10.0cpe:/o:mandrakesoft:mandrake_linux:10.0
mandrakesoftmandrake_linux9.1cpe:/o:mandrakesoft:mandrake_linux:9.1
mandrakesoftmandrake_linux9.2cpe:/o:mandrakesoft:mandrake_linux:9.2

Related

packetstorm 1
nessus 8
redhat 1
openvas 4
ubuntucve 1
cve 1
cvelist 1
gentoo 1
freebsd 1
securityvulns 1
debiancve 1
suse 1
packetstorm
packetstorm
Squid NTLM Authenticate Overflow
2009-10-27 00:00:00
nessus
nessus
Fedora Core 1 : squid-2.5.STABLE3-2.fc1 (2004-163)
2004-07-23 00:00:00
FreeBSD : Buffer overflow in Squid NTLM authentication helper (6f955451-ba54-11d8-b88c-000d610a3b12)
2009-04-23 00:00:00
RHEL 3 : squid (RHSA-2004:242)
2004-07-06 00:00:00
redhat
redhat
(RHSA-2004:242) squid security update
2004-06-09 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200406-13 (squid)
2008-09-24 00:00:00
FreeBSD Ports: squid
2008-09-04 00:00:00
FreeBSD Ports: squid
2008-09-04 00:00:00
ubuntucve
ubuntucve
CVE-2004-0541
2004-08-06 00:00:00
cve
cve
CVE-2004-0541
2004-08-06 04:00:00
cvelist
cvelist
CVE-2004-0541
2004-06-10 04:00:00
gentoo
gentoo
Squid: NTLM authentication helper buffer overflow
2004-06-17 00:00:00
freebsd
freebsd
Buffer overflow in Squid NTLM authentication helper
2004-05-20 00:00:00
securityvulns
securityvulns
[Full-Disclosure] iDEFENSE Security Advisory 06.08.04: Squid Web Proxy Cache NTLM Authentication Helper Buffer Overflow Vulnerability
2004-06-09 00:00:00
debiancve
debiancve
CVE-2004-0541
2004-08-06 04:00:00
suse
suse
remote system compromise in squid
2004-06-09 14:47:16
JSON
Related for MANDRAKE_MDKSA-2004-059.NASL
packetstorm1nessus8redhat1openvas4ubuntucve1cve1cvelist1gentoo1freebsd1securityvulns1debiancve1suse1