Remote exploitation of a buffer overflow vulnerability in Squid Web
Proxy Cache could allow a remote attacker to execute arbitrary code.
Squid Web Proxy Cache supports Basic, Digest and NTLM authentication.
The vulnerability specifically exists within the NTLM authentication
helper routine, ntlm_check_auth(), located in
iDEFENSE has confirmed the existence of this vulnerability in
Squid-Proxy 2.5.*-STABLE and 3.*-PRE when Squid-Proxy is compiled with
the NTLM helper enabled.
I think the default is not to use NTLM auth cache helper so I rated this as C1 rather than B1.
Andrew: could you apply the patch provided at :
and bump to 2.5.5-r2 ?
Please also confirm if default configuration files shipped in Gentoo enable the NTLM auth cache helper or not...
Right, it's compiled in, but not enabled by default.
OK fix now just gone into CVS...
x86 ppc sparc alpha hppa ia64: please mark stable
Stable on alpha.
Stable on hppa.
Stable on sparc.
Stable on x86.
GLSA drafted: security please review
ppc please mark stable
Please remove old unneeded versions from portage.
ia64 also remember to mark stable.
Stable on ppc.
waiting for ia64 to mark stable