|
|
CVE Reference: CVE-2004-0832 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2004-0832 |
|
|
Description: The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/17218 TRUSTIX http://www.trustix.org/errata/2004/0047/ OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10489 MANDRAKE http://www.mandriva.com/security/advisories?name=MDKSA-2004:093 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200409-04.xml FEDORA http://fedoranews.org/updates/FEDORA--.shtml CONFIRM http://www.squid-cache.org/bugs/show_bug.cgi?id=1045 http://www1.uk.squid-cache.org/squid/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-ntlm_fetch_string BID 11098 |
|
| Return to the previous page. |
