64165 – www-proxy/squid: another DOS issue in Squid's NTLM authentication code

Bug 64165 - www-proxy/squid: another DOS issue in Squid's NTLM authentication code

Summary: www-proxy/squid: another DOS issue in Squid's NTLM authentication code

Status:	RESOLVED DUPLICATE of bug 61280

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All All

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	https://bugzilla.redhat.com/bugzilla/...
Whiteboard:	B3 [ebuild] vorlon
Keywords:

Depends on:
Blocks:

Reported:	2004-09-15 12:25 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified:	2011-10-30 22:39 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2004-09-15 12:25:02 UTC

From vendor-sec:

Opened by (Robert Scheck) on 2004-09-03 13:23 

 
Description of problem:
Certain malformed NTLMSSP packets could crash the NTLM helpers 
provided by Squid.

Version-Release number of selected component (if applicable):
squid-2.5.STABLE5-5

Actual results / Expected results:
Patch applying, I'll attached a patch merged from upstream.

Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2004-09-15 12:28:56 UTC

cyfred please apply the patch.

Comment 2 Matthias Geerdsen (RETIRED) gentoo-dev

2004-09-15 12:57:35 UTC

if I'm not mistaken this applies to version 2.5.5, but the current stable version is 2.5.6-r2
already fixed with GLSA 200409-04 ?

Comment 3 Matthias Geerdsen (RETIRED) gentoo-dev

2004-09-15 13:31:18 UTC

squid-2.5.STABLE6-ntlm_fetch_string.patch applied in squid-2.5.6-r2 already... covered by GLSA 200409-04

*** This bug has been marked as a duplicate of 61280 ***