Squid Proxy Malformed NTLM Type 3 Message Remote Denial of Service Vulnerability
BID:12220
Info
Squid Proxy Malformed NTLM Type 3 Message Remote Denial of Service Vulnerability
| Bugtraq ID: | 12220 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2005-0097 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 11 2005 12:00AM |
| Updated: | Dec 20 2006 09:18PM |
| Credit: | This issue was reported by the vendor. |
| Vulnerable: |
Ubuntu Ubuntu Linux 4.1 ppc Ubuntu Ubuntu Linux 4.1 ia64 Ubuntu Ubuntu Linux 4.1 ia32 Trustix Secure Linux 2.2 Trustix Secure Linux 2.1 Trustix Secure Linux 1.5 Trustix Secure Enterprise Linux 2.0 SuSE Linux 8.1 SuSE Linux 8.0 i386 SuSE Linux 8.0 Squid Web Proxy Cache 2.5 .STABLE7 Squid Web Proxy Cache 2.5 .STABLE6 Squid Web Proxy Cache 2.5 .STABLE5 Squid Web Proxy Cache 2.5 .STABLE4 Squid Web Proxy Cache 2.5 .STABLE3 Squid Web Proxy Cache 2.5 .STABLE1 SGI ProPack 3.0 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 Redhat Linux 9.0 i386 Redhat Linux 7.3 i386 Redhat Fedora Core2 Redhat Fedora Core1 Astaro Security Linux 4.0 17 Astaro Security Linux 4.0 16 Astaro Security Linux 4.0 08 Astaro Security Linux 3.217 Astaro Security Linux 3.2 16 Astaro Security Linux 3.2 15 Astaro Security Linux 3.2 12 Astaro Security Linux 3.2 11 Astaro Security Linux 3.2 10 Astaro Security Linux 3.2 00 Astaro Security Linux 2.0 30 Astaro Security Linux 2.0 27 Astaro Security Linux 2.0 26 Astaro Security Linux 2.0 25 Astaro Security Linux 2.0 24 Astaro Security Linux 2.0 23 Astaro Security Linux 2.0 16 |
| Not Vulnerable: | |
Discussion
Squid Proxy Malformed NTLM Type 3 Message Remote Denial of Service Vulnerability
Squid is reported to be susceptible to a denial-of-service vulnerability in its NTLM authentication module. This vulnerability presents itself when an attacker sends a malformed NTLM Type 3 message to Squid.
Failure of NTLM authentication would result in the Squid application denying access to legitimate users of the proxy.
This vulnerability affects Squid 2.5.
Squid is reported to be susceptible to a denial-of-service vulnerability in its NTLM authentication module. This vulnerability presents itself when an attacker sends a malformed NTLM Type 3 message to Squid.
Failure of NTLM authentication would result in the Squid application denying access to legitimate users of the proxy.
This vulnerability affects Squid 2.5.
Exploit / POC
Squid Proxy Malformed NTLM Type 3 Message Remote Denial of Service Vulnerability
An exploit is not required.
An exploit is not required.
Solution / Fix
Squid Proxy Malformed NTLM Type 3 Message Remote Denial of Service Vulnerability
Solution:
Please see the referenced vendor advisories for more information and fixes.
Squid Web Proxy Cache 2.5 .STABLE7
Squid Web Proxy Cache 2.5 .STABLE6
Squid Web Proxy Cache 2.5 .STABLE1
Squid Web Proxy Cache 2.5 .STABLE3
Squid Web Proxy Cache 2.5 .STABLE5
SGI ProPack 3.0
Solution:
Please see the referenced vendor advisories for more information and fixes.
Squid Web Proxy Cache 2.5 .STABLE7
-
Squid squid-2.5.STABLE7-fakeauth_auth.patch
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-fake auth_auth.patch -
Trustix squid-2.5.STABLE7-2tr.i586.rpm
Trustix Secure Linux 2.2
ftp://ftp.trustix.org/pub/trustix/updates/
Squid Web Proxy Cache 2.5 .STABLE6
-
SuSE squid-2.5.STABLE6-6.4.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/squid-2.5.STABLE6 -6.4.i586.rpm -
SuSE squid-2.5.STABLE6-6.4.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/squid-2.5.STA BLE6-6.4.x86_64.rpm -
SuSE squid-2.5.STABLE6-6.6.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/squid-2.5.STABLE6 -6.6.i586.rpm -
SuSE squid-2.5.STABLE6-6.6.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/squid-2.5.STA BLE6-6.6.x86_64.rpm
Squid Web Proxy Cache 2.5 .STABLE1
-
RedHat squid-2.5.STABLE1-9.10.legacy.i386.rpm
Red Hat Linux 9:
http://download.fedoralegacy.org/redhat/9/updates/i386/squid-2.5.STABL E1-9.10.legacy.i386.rpm -
SuSE squid-2.5.STABLE1-104.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/squid-2.5.STABLE1 -104.i586.rpm -
SuSE squid-2.5.STABLE1-106.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/squid-2.5.STABLE1 -106.i586.rpm
Squid Web Proxy Cache 2.5 .STABLE3
-
RedHat squid-2.5.STABLE3-2.fc1.6.legacy.i386.rpm
Fedora Core 1:
http://download.fedoralegacy.org/fedora/1/updates/i386/squid-2.5.STABL E3-2.fc1.6.legacy.i386.rpm -
SuSE squid-2.5.STABLE3-116.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/squid-2.5.STABLE3 -116.i586.rpm -
SuSE squid-2.5.STABLE3-116.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/squid-2.5.STA BLE3-116.x86_64.rpm -
SuSE squid-2.5.STABLE3-118.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/squid-2.5.STABLE3 -118.i586.rpm -
SuSE squid-2.5.STABLE3-118.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/squid-2.5.STA BLE3-118.x86_64.rpm
Squid Web Proxy Cache 2.5 .STABLE5
-
RedHat squid-2.5.STABLE9-1.FC2.4.legacy.i386.rpm
Fedora Core 2:
http://download.fedoralegacy.org/fedora/2/updates/i386/squid-2.5.STABL E9-1.FC2.4.legacy.i386.rpm -
SuSE squid-2.5.STABLE5-42.24.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/squid-2.5.STABLE5 -42.24.i586.rpm -
SuSE squid-2.5.STABLE5-42.24.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/squid-2.5.STA BLE5-42.24.x86_64.rpm -
SuSE squid-2.5.STABLE5-42.27.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/squid-2.5.STABLE5 -42.27.i586.rpm -
SuSE squid-2.5.STABLE5-42.27.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/squid-2.5.STA BLE5-42.27.x86_64.rpm -
Ubuntu squid-cgi_2.5.5-6ubuntu0.3_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5. 5-6ubuntu0.3_amd64.deb -
Ubuntu squid-cgi_2.5.5-6ubuntu0.3_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5. 5-6ubuntu0.3_i386.deb -
Ubuntu squid-cgi_2.5.5-6ubuntu0.3_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5. 5-6ubuntu0.3_powerpc.deb -
Ubuntu squid-common_2.5.5-6ubuntu0.3_all.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.5 -6ubuntu0.3_all.deb -
Ubuntu squid_2.5.5-6ubuntu0.3_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubunt u0.3_amd64.deb -
Ubuntu squid_2.5.5-6ubuntu0.3_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubunt u0.3_i386.deb -
Ubuntu squid_2.5.5-6ubuntu0.3_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubunt u0.3_powerpc.deb -
Ubuntu squidclient_2.5.5-6ubuntu0.3_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2. 5.5-6ubuntu0.3_amd64.deb -
Ubuntu squidclient_2.5.5-6ubuntu0.3_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2. 5.5-6ubuntu0.3_i386.deb -
Ubuntu squidclient_2.5.5-6ubuntu0.3_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2. 5.5-6ubuntu0.3_powerpc.deb
SGI ProPack 3.0
-
SGI Patch10144
http://support.sgi.com/
References
Squid Proxy Malformed NTLM Type 3 Message Remote Denial of Service Vulnerability
References:
References: