BID:12324

Squid Proxy NTLM Fakeauth_Auth Memory Leak Remote Denial Of Service Vulnerability

Info

Squid Proxy NTLM Fakeauth_Auth Memory Leak Remote Denial Of Service Vulnerability

Bugtraq ID:	12324
Class:	Design Error
CVE:	CVE-2005-0096
Remote:	Yes
Local:	No
Published:	Jan 20 2005 12:00AM
Updated:	Mar 07 2007 04:55AM
Credit:	This vulnerability was announced by the vendor.
Vulnerable:	Ubuntu Ubuntu Linux 4.1 ppc Ubuntu Ubuntu Linux 4.1 ia64 Ubuntu Ubuntu Linux 4.1 ia32 Turbolinux Turbolinux Workstation 8.0 Turbolinux Turbolinux Workstation 7.0 Turbolinux Turbolinux Server 10.0 Turbolinux Turbolinux Server 8.0 Turbolinux Turbolinux Server 7.0 Turbolinux Appliance Server Workgroup Edition 1.0 Turbolinux Appliance Server Hosting Edition 1.0 Trustix Secure Linux 2.2 Trustix Secure Linux 2.1 Trustix Secure Linux 1.5 Trustix Secure Enterprise Linux 2.0 SuSE Linux 8.1 SuSE Linux 8.0 i386 SuSE Linux 8.0 Squid Web Proxy Cache 2.5 .STABLE7 + Gentoo Linux + Redhat Fedora Core3 + Redhat Fedora Core2 Squid Web Proxy Cache 2.5 .STABLE6 + Mandriva Linux Mandrake 10.1 x86_64 + S.u.S.E. Linux Personal 9.2 x86_64 + S.u.S.E. Linux Personal 9.2 + Turbolinux Appliance Server 1.0 Workgroup Edition + Turbolinux Appliance Server 1.0 Hosting Edition + Turbolinux Appliance Server Hosting Edition 1.0 + Turbolinux Appliance Server Workgroup Edition 1.0 + Turbolinux Turbolinux Server 10.0 + Turbolinux Turbolinux Server 8.0 + Turbolinux Turbolinux Server 7.0 + Turbolinux Turbolinux Workstation 8.0 + Turbolinux Turbolinux Workstation 7.0 Squid Web Proxy Cache 2.5 .STABLE5 + S.u.S.E. Linux Personal 9.1 x86_64 + S.u.S.E. Linux Personal 9.1 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 Squid Web Proxy Cache 2.5 .STABLE4 + MandrakeSoft Corporate Server 3.0 + Mandriva Linux Mandrake 10.0 AMD64 + Mandriva Linux Mandrake 10.0 + OpenPKG OpenPKG 2.0 + OpenPKG OpenPKG Current Squid Web Proxy Cache 2.5 .STABLE3 + Mandriva Linux Mandrake 9.2 amd64 + Mandriva Linux Mandrake 9.2 + OpenPKG OpenPKG 1.3 + Redhat Desktop 3.0 + Redhat Enterprise Linux AS 3 + Redhat Enterprise Linux ES 3 + Redhat Enterprise Linux WS 3 + Redhat Fedora Core1 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 Squid Web Proxy Cache 2.5 .STABLE1 + Mandriva Linux Mandrake 9.1 ppc + Mandriva Linux Mandrake 9.1 + S.u.S.E. Linux Personal 8.2 Squid Web Proxy Cache 2.4 .STABLE7 + MandrakeSoft Corporate Server 2.1 x86_64 + MandrakeSoft Corporate Server 2.1 + MandrakeSoft Multi Network Firewall 2.0 + Redhat Enterprise Linux AS 2.1 IA64 + Redhat Enterprise Linux AS 2.1 + Redhat Enterprise Linux ES 2.1 IA64 + Redhat Enterprise Linux ES 2.1 + Redhat Enterprise Linux WS 2.1 IA64 + Redhat Enterprise Linux WS 2.1 + Redhat Linux Advanced Work Station 2.1 Squid Web Proxy Cache 2.4 .STABLE6 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 Squid Web Proxy Cache 2.4 .STABLE2 Squid Web Proxy Cache 2.4 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 Squid Web Proxy Cache 2.3 .STABLE5 Squid Web Proxy Cache 2.3 .STABLE4 Squid Web Proxy Cache 2.1 PATCH2 Squid Web Proxy Cache 2.0 PATCH2 SGI ProPack 3.0 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 Redhat Linux 9.0 i386 Redhat Linux 7.3 i386 Redhat Fedora Core2 Redhat Fedora Core1 Gentoo Linux Astaro Security Linux 4.0 16 Astaro Security Linux 4.0 08 Astaro Security Linux 3.217 Astaro Security Linux 3.2 16 Astaro Security Linux 3.2 15 Astaro Security Linux 3.2 12 Astaro Security Linux 3.2 11 Astaro Security Linux 3.2 10 Astaro Security Linux 3.2 00 Astaro Security Linux 2.0 30 Astaro Security Linux 2.0 27 Astaro Security Linux 2.0 26 Astaro Security Linux 2.0 25 Astaro Security Linux 2.0 24 Astaro Security Linux 2.0 23 Astaro Security Linux 2.0 16

Not Vulnerable:

Discussion

Squid Proxy NTLM Fakeauth_Auth Memory Leak Remote Denial Of Service Vulnerability

Squid is reported to be susceptible to a denial-of-service vulnerability in its NTLM authentication module.

This vulnerability presents itself when an attacker sends unspecified NTLM data to Squid. The issue is caused by a memory leak -- memory allocated to store a base64-decoded string is not freed.

Presumably, this issue allows an attacker to cause the NTLM helper application to run out of memory and fail.

Exploit / POC

Squid Proxy NTLM Fakeauth_Auth Memory Leak Remote Denial Of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

Squid Proxy NTLM Fakeauth_Auth Memory Leak Remote Denial Of Service Vulnerability

Solution:
Please see the referenced vendor advisories for more information and fixes.

Squid Web Proxy Cache 2.4 .STABLE7

SuSE squid-2.4.STABLE7-288.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/squid-2.4.STABLE7 -288.i586.rpm

Squid Web Proxy Cache 2.4 .STABLE6

RedHat squid-2.4.STABLE7-0.73.3.legacy.i386.rpm
Red Hat Linux 7.3:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/squid-2.4.STA BLE7-0.73.3.legacy.i386.rpm

Squid Web Proxy Cache 2.5 .STABLE7

Squid squid-2.5.STABLE7-fakeauth_auth.patch
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-fake auth_auth.patch

Trustix squid-2.5.STABLE7-2tr.i586.rpm
Trustix Secure Linux 2.2
ftp://ftp.trustix.org/pub/trustix/updates/

Squid Web Proxy Cache 2.5 .STABLE6

SuSE squid-2.5.STABLE6-6.4.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/squid-2.5.STABLE6 -6.4.i586.rpm

SuSE squid-2.5.STABLE6-6.4.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/squid-2.5.STA BLE6-6.4.x86_64.rpm

SuSE squid-2.5.STABLE6-6.6.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/squid-2.5.STABLE6 -6.6.i586.rpm

SuSE squid-2.5.STABLE6-6.6.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/squid-2.5.STA BLE6-6.6.x86_64.rpm

Squid Web Proxy Cache 2.5 .STABLE1

RedHat squid-2.5.STABLE1-9.10.legacy.i386.rpm
Red Hat Linux 9:
http://download.fedoralegacy.org/redhat/9/updates/i386/squid-2.5.STABL E1-9.10.legacy.i386.rpm

SuSE squid-2.5.STABLE1-104.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/squid-2.5.STABLE1 -104.i586.rpm

SuSE squid-2.5.STABLE1-106.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/squid-2.5.STABLE1 -106.i586.rpm

Squid Web Proxy Cache 2.5 .STABLE3

RedHat squid-2.5.STABLE3-2.fc1.6.legacy.i386.rpm
Fedora Core 1:
http://download.fedoralegacy.org/fedora/1/updates/i386/squid-2.5.STABL E3-2.fc1.6.legacy.i386.rpm

SuSE squid-2.5.STABLE3-116.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/squid-2.5.STABLE3 -116.i586.rpm

SuSE squid-2.5.STABLE3-116.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/squid-2.5.STA BLE3-116.x86_64.rpm

SuSE squid-2.5.STABLE3-118.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/squid-2.5.STABLE3 -118.i586.rpm

SuSE squid-2.5.STABLE3-118.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/squid-2.5.STA BLE3-118.x86_64.rpm

Squid Web Proxy Cache 2.5 .STABLE5

Conectiva squid-2.5.5-25761U90_9cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/squid-2.5.5-25761U90_9cl.i3 86.rpm

Conectiva squid-2.5.5-63116U10_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-2.5.5-63116U10_6cl.i 386.rpm

Conectiva squid-auth-2.5.5-25761U90_9cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/squid-auth-2.5.5-25761U90_9 cl.i386.rpm

Conectiva squid-auth-2.5.5-63116U10_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-auth-2.5.5-63116U10_ 6cl.i386.rpm

Conectiva squid-extra-templates-2.5.5-25761U90_9cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/squid-extra-templates-2.5.5 -25761U90_9cl.i386.rpm

Conectiva squid-extra-templates-2.5.5-63116U10_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-extra-templates-2.5. 5-63116U10_6cl.i386.rpm

RedHat squid-2.5.STABLE9-1.FC2.4.legacy.i386.rpm
Fedora Core 2:
http://download.fedoralegacy.org/fedora/2/updates/i386/squid-2.5.STABL E9-1.FC2.4.legacy.i386.rpm

SuSE squid-2.5.STABLE5-42.24.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/squid-2.5.STABLE5 -42.24.i586.rpm

SuSE squid-2.5.STABLE5-42.24.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/squid-2.5.STA BLE5-42.24.x86_64.rpm

SuSE squid-2.5.STABLE5-42.27.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/squid-2.5.STABLE5 -42.27.i586.rpm

SuSE squid-2.5.STABLE5-42.27.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/squid-2.5.STA BLE5-42.27.x86_64.rpm

Ubuntu squid-cgi_2.5.5-6ubuntu0.3_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5. 5-6ubuntu0.3_amd64.deb

Ubuntu squid-cgi_2.5.5-6ubuntu0.3_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5. 5-6ubuntu0.3_i386.deb

Ubuntu squid-cgi_2.5.5-6ubuntu0.3_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5. 5-6ubuntu0.3_powerpc.deb

Ubuntu squid-common_2.5.5-6ubuntu0.3_all.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.5 -6ubuntu0.3_all.deb

Ubuntu squid_2.5.5-6ubuntu0.3_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubunt u0.3_amd64.deb

Ubuntu squid_2.5.5-6ubuntu0.3_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubunt u0.3_i386.deb

Ubuntu squid_2.5.5-6ubuntu0.3_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubunt u0.3_powerpc.deb

Ubuntu squidclient_2.5.5-6ubuntu0.3_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2. 5.5-6ubuntu0.3_amd64.deb

Ubuntu squidclient_2.5.5-6ubuntu0.3_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2. 5.5-6ubuntu0.3_i386.deb

Ubuntu squidclient_2.5.5-6ubuntu0.3_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2. 5.5-6ubuntu0.3_powerpc.deb

SGI ProPack 3.0

SGI Patch10144
http://support.sgi.com/

References

Squid Proxy NTLM Fakeauth_Auth Memory Leak Remote Denial Of Service Vulnerability

References:

Bugzilla Bug 1183 fakeauth_auth memory leak and NULL pointer access (Squid)
fakeauth_auth memory leak and NULL pointer access (Squid)
RHSA-2005:061-19 - Updated Squid package fixes security issues (RedHat)
Up2Date 5.200 (Astaro)