|
|
Info |
Last Modified |
| about 1 year ago |
|
|
|
|
|
Description |
A remote overflow exists in the Squid Internet Object Cache server. Squid fails to correctly test the length of the user-supplied LanMan Hash value in the ntlm_check_auth() function resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can execute arbitrary code on the system with the privileges the Squid process is running under. This flaw can only be exploited if Squid was compiled with the NTLM authentication helper enabled.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Integrity
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
|
|
Technical |
The problem exists in the ntlm_check_auth() function, located in the helpers/ntlm_auth/SMB/libntlmssp.c file. The "pass" buffer is located on the stack with a static size of 25 bytes. User-controlled data is copied to the "pass" buffer without any bounds checking via memcpy, leading to a standard stack-based buffer overflow and remote code execution.
|
|
Solution |
A patch has been released for this vulnerability available from the Squid website. Additionally, Squid can be recompiled to disable NTLM authentication.
|
|
Products |
|
Squid Internet Object Cache
 |
2.5-STABLE5 |
3.0-PRE3-230040720 |
|
|
|
|
|
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
