Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2004:462
HistorySep 30, 2004 - 12:00 a.m.

(RHSA-2004:462) squid security update

2004-09-3000:00:00
access.redhat.com
15

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.036 Low

EPSS

Percentile

90.6%

JSON

Squid is a full-featured Web proxy cache.

An out of bounds memory read bug was found within the NTLM authentication
helper routine. If Squid is configured to use the NTLM authentication
helper, a remote attacker could send a carefully crafted NTLM
authentication packet and cause Squid to crash. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0832
to this issue.

Note: The NTLM authentication helper is not enabled by default in Red Hat
Enterprise Linux 3. Red Hat Enterprise Linux 2.1 is not vulnerable to this
issue as it shipped with a version of Squid which did not contain the
vulnerable helper.

Users of Squid should update to this erratum package, which contains a
backported patch and is not vulnerable to this issue.

OSVersionArchitecturePackageVersionFilename
RedHatanyia64squid< 2.5.STABLE3-6.3E.1squid-2.5.STABLE3-6.3E.1.ia64.rpm

Related

securityvulns 1
ubuntucve 1
nessus 5
openvas 5
cve 1
debiancve 1
freebsd 1
gentoo 1
ubuntu 1
suse 3
securityvulns
securityvulns
MDKSA-2004:093 - Updated squid packages fix DoS vulnerability
2004-09-16 00:00:00
ubuntucve
ubuntucve
CVE-2004-0832
2004-11-03 00:00:00
nessus
nessus
FreeBSD : squid -- NTLM authentication denial-of-service vulnerability (064225c5-1f53-11d9-836a-0090962cff2a)
2005-07-13 00:00:00
Mandrake Linux Security Advisory : squid (MDKSA-2004:093)
2004-09-16 00:00:00
RHEL 3 : squid (RHSA-2004:462)
2004-10-02 00:00:00
openvas
openvas
FreeBSD Ports: squid
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200409-04 (squid)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200409-04 (squid)
2008-09-24 00:00:00
cve
cve
CVE-2004-0832
2004-11-03 05:00:00
debiancve
debiancve
CVE-2004-0832
2004-11-03 05:00:00
freebsd
freebsd
squid -- NTLM authentication denial-of-service vulnerability
2004-08-18 00:00:00
gentoo
gentoo
Squid: Denial of service when using NTLM authentication
2004-09-02 00:00:00
ubuntu
ubuntu
squid vulnerabilities
2004-11-07 00:00:00
suse
suse
remote code execution in gtk2, gdk-pixbuf
2004-09-17 10:02:50
remote command execution in XFree86-libs, xshared
2004-09-17 13:37:17
remote denial-of-service in apache2
2004-09-15 15:46:39

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.036 Low

EPSS

Percentile

90.6%

JSON
Related for RHSA-2004:462
securityvulns1ubuntucve1nessus5openvas5cve1debiancve1freebsd1gentoo1ubuntu1suse3