Vulnerability Name:

CVE-2004-0541 (CCN-16360)

Assigned:2004-06-08
Published:2004-06-08
Updated:2018-05-03
Summary:Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable).
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: SGI
Type: UNKNOWN
20040604-01-U

Source: CCN
Type: iDEFENSE Security Advisory 06.08.04
Squid Web Proxy Cache NTLM Authentication Helper Buffer Overflow Vulnerability

Source: MITRE
Type: CNA
CVE-2004-0541

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2004:882
Fixes for squid vulnerabilities

Source: FEDORA
Type: UNKNOWN
FLSA-2006:152809

Source: CCN
Type: RHSA-2004-242
squid security update

Source: CCN
Type: CIAC Information Bulletin O-168
Squid - NTLM Authentication Buffer Overflow Vulnerability

Source: CCN
Type: GLSA-200406-13
Squid: NTLM authentication helper buffer overflow

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200406-13

Source: MISC
Type: Patch, Vendor Advisory
http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities

Source: CCN
Type: Trustix Secure Linux Security Advisory #2004-0033
squid

Source: CCN
Type: GLSA 200406-13
Squid: NTLM authentication helper buffer overflow

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:059

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2004:242

Source: BID
Type: UNKNOWN
10500

Source: CCN
Type: BID-10500
Squid Proxy NTLM Authentication Buffer Overflow Vulnerability

Source: CCN
Type: Squid Proxy Cache Security Update Advisory SQUID-2004:2
Buffer overflow bug in 'ntlm_auth' authentication helper.

Source: CCN
Type: Squid Web Proxy Cache Web site
Squid-2.5 Patches

Source: TRUSTIX
Type: Vendor Advisory
2004-0033

Source: XF
Type: UNKNOWN
squid-ntlm-bo(16360)

Source: XF
Type: UNKNOWN
squid-ntlm-bo(16360)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10722

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:980

Source: SUSE
Type: SUSE-SA:2004:016
squid: remote system compromise

Vulnerable Configuration:Configuration 1:
  • cpe:/a:national_science_foundation:squid_web_proxy_cache:2.5_stable:*:*:*:*:*:*:*
  • OR cpe:/a:national_science_foundation:squid_web_proxy_cache:3_pre:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:squid-cache:squid:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.5.stable5:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.5.stable4:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.5.stable3:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.5.stable1:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4.stable7:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:10:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1::ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:10722
    V
    Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable).
    2013-04-29
    oval:org.mitre.oval:def:980
    V
    NTLM Authentication BO in Squid Web Proxy Cache
    2010-09-20
    oval:com.redhat.rhsa:def:20040242
    P
    RHSA-2004:242: squid security update (Moderate)
    2004-06-09
    BACK
    national_science_foundation squid web proxy cache 2.5_stable
    national_science_foundation squid web proxy cache 3_pre
    squid-cache squid 2.4
    squid-cache squid 2.5.stable5
    squid-cache squid 2.5.stable4
    squid-cache squid 2.5.stable3
    squid-cache squid 2.5.stable1
    squid-cache squid 2.4.stable7
    redhat linux 3.0
    suse suse linux 8.0
    gentoo linux *
    mandrakesoft mandrake linux 9.1
    suse suse linux 8.2
    conectiva linux 9.0
    trustix secure linux 2.0
    suse suse linux 9.0
    mandrakesoft mandrake linux 9.2
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    trustix secure linux 2.1
    mandrakesoft mandrake linux 10.0
    suse suse linux 9.1
    redhat enterprise linux 3
    conectiva linux 10
    mandrakesoft mandrake linux 9.1
    mandrakesoft mandrake linux 9.2
    mandrakesoft mandrake linux 10.0