Vulnerability CVE-2004-0541

Vulnerability Name:

CVE-2004-0541 (CCN-16360)

Assigned:

2004-06-08

Published:

2004-06-08

Updated:

2018-05-03

Summary:

Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable).

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: SGI
Type: UNKNOWN
20040604-01-U

Source: CCN
Type: iDEFENSE Security Advisory 06.08.04
Squid Web Proxy Cache NTLM Authentication Helper Buffer Overflow Vulnerability

Source: MITRE
Type: CNA
CVE-2004-0541

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2004:882
Fixes for squid vulnerabilities

Source: FEDORA
Type: UNKNOWN
FLSA-2006:152809

Source: CCN
Type: RHSA-2004-242
squid security update

Source: CCN
Type: CIAC Information Bulletin O-168
Squid - NTLM Authentication Buffer Overflow Vulnerability

Source: CCN
Type: GLSA-200406-13
Squid: NTLM authentication helper buffer overflow

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200406-13

Source: MISC
Type: Patch, Vendor Advisory
http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities

Source: CCN
Type: Trustix Secure Linux Security Advisory #2004-0033
squid

Source: CCN
Type: GLSA 200406-13
Squid: NTLM authentication helper buffer overflow

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:059

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2004:242

Source: BID
Type: UNKNOWN
10500

Source: CCN
Type: BID-10500
Squid Proxy NTLM Authentication Buffer Overflow Vulnerability

Source: CCN
Type: Squid Proxy Cache Security Update Advisory SQUID-2004:2
Buffer overflow bug in 'ntlm_auth' authentication helper.

Source: CCN
Type: Squid Web Proxy Cache Web site
Squid-2.5 Patches

Source: TRUSTIX
Type: Vendor Advisory
2004-0033

Source: XF
Type: UNKNOWN
squid-ntlm-bo(16360)

Source: XF
Type: UNKNOWN
squid-ntlm-bo(16360)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10722

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:980

Source: SUSE
Type: SUSE-SA:2004:016
squid: remote system compromise

Vulnerable Configuration:

Configuration 1:

cpe:/a:national_science_foundation:squid_web_proxy_cache:2.5_stable:*:*:*:*:*:*:*

OR cpe:/a:national_science_foundation:squid_web_proxy_cache:3_pre:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:squid-cache:squid:2.4:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable5:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable4:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable3:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable1:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.4.stable7:*:*:*:*:*:*:*

AND

cpe:/o:redhat:linux:3.0:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*

OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:trustix:secure_linux:2.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:conectiva:linux:10:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.1::ppc:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:10722	V	Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable).	2013-04-29
oval:org.mitre.oval:def:980	V	NTLM Authentication BO in Squid Web Proxy Cache	2010-09-20
oval:com.redhat.rhsa:def:20040242	P	RHSA-2004:242: squid security update (Moderate)	2004-06-09

BACK