Intrusion Prevention

Squid.NTLM.Type3.Message.Remote.DoS

Description

This indicates an attack attempt to exploit a denial of service vulnerability in Squid.
The vulnerability is caused due to an improper handling of NTLM type 3 messages in the NTLM "fakeauth_auth" helper.

Affected Products

Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Trustix Secure Linux 2.2
Trustix Secure Linux 2.1
Trustix Secure Linux 1.5
Trustix Secure Enterprise Linux 2.0
Squid Web Proxy Cache 2.5 .STABLE7
Squid Web Proxy Cache 2.5 .STABLE6
Squid Web Proxy Cache 2.5 .STABLE5
Squid Web Proxy Cache 2.5 .STABLE4
Squid Web Proxy Cache 2.5 .STABLE3
Squid Web Proxy Cache 2.5 .STABLE1
SGI ProPack 3.0
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.0 i386
S.u.S.E. Linux 8.0
RedHat Linux 9.0 i386
RedHat Linux 7.3 i386
RedHat Fedora Core2
RedHat Fedora Core1
Astaro Security Linux 4.0 17
Astaro Security Linux 4.0 16
Astaro Security Linux 4.0 08
Astaro Security Linux 3.217
Astaro Security Linux 3.2 16
Astaro Security Linux 3.2 15
Astaro Security Linux 3.2 12
Astaro Security Linux 3.2 11
Astaro Security Linux 3.2 10
Astaro Security Linux 3.2 00
Astaro Security Linux 2.0 30
Astaro Security Linux 2.0 27
Astaro Security Linux 2.0 26
Astaro Security Linux 2.0 25
Astaro Security Linux 2.0 24
Astaro Security Linux 2.0 23
Astaro Security Linux 2.0 16

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Apply the squid-2.5.STABLE7-fakeauth_auth patch, available from the Squid Web Proxy Cache Web site.
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth

CVE References

CVE-2005-0097