
Bug 64165

Summary: www-proxy/squid: another DOS issue in Squid's NTLM authentication code
Product: Gentoo Security
Reporter: Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE
Severity: normal
CC: andrewbevitt
Priority: High
Version: unspecified
Hardware: All
OS: All
URL: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131728
Whiteboard: B3 [ebuild] vorlon
Package list:
Runtime testing required: ---

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-09-15 12:25:02 UTC
From vendor-sec:

Opened by (Robert Scheck) on 2004-09-03 13:23 

 
Description of problem:
Certain malformed NTLMSSP packets could crash the NTLM helpers 
provided by Squid.

Version-Release number of selected component (if applicable):
squid-2.5.STABLE5-5

Actual results / Expected results:
Patch applying, I'll attach a patch merged from upstream.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-09-15 12:28:56 UTC
cyfred please apply the patch.
Comment 2 Matthias Geerdsen (RETIRED) gentoo-dev 2004-09-15 12:57:35 UTC
If I'm not mistaken, this applies to version 2.5.5, but the current stable version is 2.5.6-r2.
Already fixed with GLSA 200409-04?
Comment 3 Matthias Geerdsen (RETIRED) gentoo-dev 2004-09-15 13:31:18 UTC
squid-2.5.STABLE6-ntlm_fetch_string.patch applied in squid-2.5.6-r2 already... covered by GLSA 200409-04

*** This bug has been marked as a duplicate of 61280 ***