Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -7 articles for you...
91
security advisorydenial of servicegentooGentoo: GLSA-200409-04 Normal: Squid Denial Of Service Due To NTLM Auth
Squid is vulnerable to a denial of service attack which could crash its NTLM helpers.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200409-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Squid: Denial of service when using NTLM authentication Date: September 02, 2004 Bugs: #61280 ID: 200409-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Squid is vulnerable to a denial of service attack which could crash its NTLM helpers. Background ========= Squid is a full-featured Web Proxy Cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-proxy/squid = 2.5.6-r2 < 2.5 Description ========== Squid 2.5.x versions contain a bug in the functions ntlm_fetch_string() and ntlm_get_string() which lack checking the int32_t offset "o" for negative values. Impact ===== A remote attacker could cause a denial of service situation by sending certain malformed NTLMSSP packets if NTLM authentication is enabled. Workaround ========= Disable NTLM authentication by removing any "auth_param ntlm program ..." directives from squid.conf or use ntlm_auth from Samba-3.x. Resolution ========= All Squid users should upgrade to the latest stable version: # emerge sync # emerge -pv "> =net-www/squid-2.5.6-r2" # emerge "> =net-www/squid-2.5.6-r2" References ========= [ 1 ] Squid-2.5 Patches Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200409-04 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Sep 02, 2004
Gentoo
91
security advisoryhigh severitygentooGentoo: GLSA-200406-13 High: Squid NTLM Authentication Buffer Overflow
Squid contains a bug where it fails to properly check bounds of the 'pass' variable.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200406-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Squid: NTLM authentication helper buffer overflow Date: June 17, 2004 Bugs: #53367 ID: 200406-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Squid contains a bug where it fails to properly check bounds of the 'pass' variable. Background ========= Squid contains a bug in the function ntlm_check_auth(). It fails to do proper bounds checking on the values copyied to the 'pass' variable. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-www/squid = 2.5.5-r2 Description ========== Squid is a full-featured Web Proxy Cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Impact ===== If Squid is configured to use NTLM authentication, an attacker could exploit this vulnerability by sending a very long password. This could lead to arbitrary code execution with the permissions of the user running Squid. Workaround ========= There is no known workaround at this time. All users are encouraged to upgrade to the latest available version. Resolution ========= All Squid users should upgrade to the latest stable version: # emerge sync # emerge -pv "> =net-www/squid-2.5.5-r2" # emerge ">=net-www/squid-2.5.5-r2" References ========= [ 1 ] CAN-2004-0541 https://www.cve.org/CVERecord?id=CVE-CAN-2004-0541 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200406-13 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Jun 17, 2004
Gentoo
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!