Vulnerability Name: CVE-2004-0541 (CCN-16360)
Assigned: 2004-06-08
Published: 2004-06-08
Updated: 2018-05-03
Summary: Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable).
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
  Source: SGI Type: UNKNOWN 20040604-01-U
  Source: CCN Type: iDEFENSE Security Advisory 06.08.04 Squid Web Proxy Cache NTLM Authentication Helper Buffer Overflow Vulnerability
  Source: MITRE Type: CNA CVE-2004-0541
  Source: CCN Type: Conectiva Linux Security Announcement CLSA-2004:882 Fixes for squid vulnerabilities
  Source: FEDORA Type: UNKNOWN FLSA-2006:152809
  Source: CCN Type: RHSA-2004-242 squid security update
  Source: CCN Type: CIAC Information Bulletin O-168 Squid - NTLM Authentication Buffer Overflow Vulnerability
  Source: CCN Type: GLSA-200406-13 Squid: NTLM authentication helper buffer overflow
  Source: GENTOO Type: Patch, Vendor Advisory GLSA-200406-13
  Source: MISC Type: Patch, Vendor Advisory http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities
  Source: CCN Type: Trustix Secure Linux Security Advisory #2004-0033 squid
  Source: CCN Type: GLSA 200406-13 Squid: NTLM authentication helper buffer overflow
  Source: MANDRAKE Type: UNKNOWN MDKSA-2004:059
  Source: REDHAT Type: Patch, Vendor Advisory RHSA-2004:242
  Source: BID Type: UNKNOWN 10500
  Source: CCN Type: BID-10500 Squid Proxy NTLM Authentication Buffer Overflow Vulnerability
  Source: CCN Type: Squid Proxy Cache Security Update Advisory SQUID-2004:2 Buffer overflow bug in 'ntlm_auth' authentication helper.
  Source: CCN Type: Squid Web Proxy Cache Web site Squid-2.5 Patches
  Source: TRUSTIX Type: Vendor Advisory 2004-0033
  Source: XF Type: UNKNOWN squid-ntlm-bo(16360)
  Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:10722
  Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:980
  Source: SUSE Type: SUSE-SA:2004:016 squid: remote system compromise
Vulnerable Configuration: Configuration 1: Configuration RedHat 1: Configuration CCN 1: Denotes that component is vulnerable