Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2004:242
HistoryJun 09, 2004 - 12:00 a.m.

(RHSA-2004:242) squid security update

2004-06-0900:00:00
access.redhat.com
12

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.967 High

EPSS

Percentile

99.6%

JSON

Squid is a full-featured Web proxy cache.

A buffer overflow was found within the NTLM authentication helper
routine. If Squid is configured to use the NTLM authentication helper,
a remote attacker could potentially execute arbitrary code by sending a
lengthy password. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0541 to this issue.

Note: The NTLM authentication helper is not enabled by default in Red Hat
Enterprise Linux 3. Red Hat Enterprise Linux 2.1 is not vulnerable to this
issue as it shipped with a version of Squid which did not contain the helper.

Users of Squid should update to this errata package which contains a
backported patch that is not vulnerable to this issue.

OSVersionArchitecturePackageVersionFilename
RedHatanyia64squid< 2.5.STABLE3-6.3Esquid-2.5.STABLE3-6.3E.ia64.rpm

Related

nessus 9
packetstorm 1
openvas 4
ubuntucve 1
cve 1
freebsd 1
gentoo 1
securityvulns 1
debiancve 1
suse 1
nessus
nessus
Mandrake Linux Security Advisory : squid (MDKSA-2004:059)
2004-07-31 00:00:00
GLSA-200406-13 : Squid: NTLM authentication helper buffer overflow
2004-08-30 00:00:00
FreeBSD : Buffer overflow in Squid NTLM authentication helper (183)
2004-07-06 00:00:00
packetstorm
packetstorm
Squid NTLM Authenticate Overflow
2009-10-27 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200406-13 (squid)
2008-09-24 00:00:00
FreeBSD Ports: squid
2008-09-04 00:00:00
FreeBSD Ports: squid
2008-09-04 00:00:00
ubuntucve
ubuntucve
CVE-2004-0541
2004-08-06 00:00:00
cve
cve
CVE-2004-0541
2004-08-06 04:00:00
freebsd
freebsd
Buffer overflow in Squid NTLM authentication helper
2004-05-20 00:00:00
gentoo
gentoo
Squid: NTLM authentication helper buffer overflow
2004-06-17 00:00:00
securityvulns
securityvulns
[Full-Disclosure] iDEFENSE Security Advisory 06.08.04: Squid Web Proxy Cache NTLM Authentication Helper Buffer Overflow Vulnerability
2004-06-09 00:00:00
debiancve
debiancve
CVE-2004-0541
2004-08-06 04:00:00
suse
suse
remote system compromise in squid
2004-06-09 14:47:16

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.967 High

EPSS

Percentile

99.6%

JSON
Related for RHSA-2004:242
nessus9packetstorm1openvas4ubuntucve1cve1freebsd1gentoo1securityvulns1debiancve1suse1