ID CVE-2005-2917
Summary Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).
References
Vulnerable Configurations
  • cpe:2.3:a:squid:squid:2.5.9
    cpe:2.3:a:squid:squid:2.5.9
  • cpe:2.3:a:squid:squid:2.5.stable10
    cpe:2.3:a:squid:squid:2.5.stable10
CVSS
Base: 5.0 (as of 30-09-2005 - 14:07)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Firewalls
    NASL id SQUID_NTLM_DOS.NASL
    description The version of Squid, an open source web proxy cache, installed on the remote host will abort if it receives a specially crafted NTLM challenge packet. A remote attacker can exploit this issue to stop the affected application, thereby denying access to legitimate users.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 20010
    published 2005-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20010
    title Squid Crafted NTLM Authentication Header DoS
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-828.NASL
    description Upstream developers of squid, the popular WWW proxy cache, have discovered that changes in the authentication scheme are not handled properly when given certain request sequences while NTLM authentication is in place, which may cause the daemon to restart.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 19797
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19797
    title Debian DSA-828-1 : squid - authentication handling
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_44E7764C261411DA9E1EC296AC722CB3.NASL
    description The squid patches page notes : Squid may crash with the above error [FATAL: Incorrect scheme in auth header] when given certain request sentences. Workaround: disable NTLM authentication.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 21422
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21422
    title FreeBSD : squid -- possible denial of service condition regarding NTLM authentication (44e7764c-2614-11da-9e1e-c296ac722cb3)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0045.NASL
    description Updated squid packages that fix a security vulnerability as well as several bugs are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. A denial of service flaw was found in the way squid processes certain NTLM authentication requests. A remote attacker could send a specially crafted NTLM authentication request which would cause the Squid server to crash. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2917 to this issue. Several bugs have also been addressed in this update : * An error introduced in 2.5.STABLE3-6.3E.14 where Squid can crash if a user visits a site which has a long DNS record. * Some authentication helpers were missing needed setuid rights. * Squid couldn't handle a reply from a HTTP server when the reply began with the new-line character or wasn't HTTP/1.0 or HTTP/1.1 compliant. * User-defined error pages were not kept when the squid package was upgraded. All users of squid should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21879
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21879
    title CentOS 3 : squid (CESA-2006:0045)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-181.NASL
    description Squid 2.5.9, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart). The updated packages have been patched to address these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20041
    published 2005-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20041
    title Mandrake Linux Security Advisory : squid (MDKSA-2005:181)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-192-1.NASL
    description Mike Diggins discovered a remote Denial of Service vulnerability in Squid. Sending specially crafted NTML authentication requests to Squid caused the server to crash. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-15
    plugin id 20606
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20606
    title Ubuntu 4.10 / 5.04 : squid vulnerability (USN-192-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0052.NASL
    description An updated squid package that fixes a security vulnerability as well as several issues is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. A denial of service flaw was found in the way squid processes certain NTLM authentication requests. It is possible for a remote attacker to crash the Squid server by sending a specially crafted NTLM authentication request. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2005-2917 to this issue. The following issues have also been fixed in this update : * An error introduced in squid-2.5.STABLE6-3.4E.12 can crash Squid when a user visits a site that has a bit longer DNS record. * An error introduced in the old package prevented Squid from returning correct information about large file systems. The new package is compiled with the IDENT lookup support so that users who want to use it do not have to recompile it. * Some authentication helpers needed SETUID rights but did not have them. If administrators wanted to use cache administrator, they had to change the SETUID bit manually. The updated package sets this bit so the new package can be updated without manual intervention from administrators. * Squid could not handle a reply from an HTTP server when the reply began with the new-line character. * An issue was discovered when a reply from an HTTP server was not HTTP 1.0 or 1.1 compliant. * The updated package keeps user-defined error pages when the package is updated and it adds new ones. All users of squid should upgrade to this updated package, which resolves these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21976
    published 2006-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21976
    title CentOS 4 : squid (CESA-2006:0052)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0045.NASL
    description Updated squid packages that fix a security vulnerability as well as several bugs are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. A denial of service flaw was found in the way squid processes certain NTLM authentication requests. A remote attacker could send a specially crafted NTLM authentication request which would cause the Squid server to crash. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2917 to this issue. Several bugs have also been addressed in this update : * An error introduced in 2.5.STABLE3-6.3E.14 where Squid can crash if a user visits a site which has a long DNS record. * Some authentication helpers were missing needed setuid rights. * Squid couldn't handle a reply from a HTTP server when the reply began with the new-line character or wasn't HTTP/1.0 or HTTP/1.1 compliant. * User-defined error pages were not kept when the squid package was upgraded. All users of squid should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 21087
    published 2006-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21087
    title RHEL 3 : squid (RHSA-2006:0045)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0052.NASL
    description An updated squid package that fixes a security vulnerability as well as several issues is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. A denial of service flaw was found in the way squid processes certain NTLM authentication requests. It is possible for a remote attacker to crash the Squid server by sending a specially crafted NTLM authentication request. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2005-2917 to this issue. The following issues have also been fixed in this update : * An error introduced in squid-2.5.STABLE6-3.4E.12 can crash Squid when a user visits a site that has a bit longer DNS record. * An error introduced in the old package prevented Squid from returning correct information about large file systems. The new package is compiled with the IDENT lookup support so that users who want to use it do not have to recompile it. * Some authentication helpers needed SETUID rights but did not have them. If administrators wanted to use cache administrator, they had to change the SETUID bit manually. The updated package sets this bit so the new package can be updated without manual intervention from administrators. * Squid could not handle a reply from an HTTP server when the reply began with the new-line character. * An issue was discovered when a reply from an HTTP server was not HTTP 1.0 or 1.1 compliant. * The updated package keeps user-defined error pages when the package is updated and it adds new ones. All users of squid should upgrade to this updated package, which resolves these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 21031
    published 2006-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21031
    title RHEL 4 : squid (RHSA-2006:0052)
oval via4
accepted 2013-04-29T04:14:48.859-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).
family unix
id oval:org.mitre.oval:def:11580
status accepted
submitted 2010-07-09T03:56:16-04:00
title Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).
version 23
redhat via4
advisories
  • bugzilla
    id 174029
    title CVE-2005-2917 Squid malformed NTLM authentication DoS
    oval
    AND
    comment Red Hat Enterprise Linux 3 is installed
    oval oval:com.redhat.rhsa:tst:20060015001
    rhsa
    id RHSA-2006:0045
    released 2006-03-15
    severity Moderate
    title RHSA-2006:0045: squid security update (Moderate)
  • bugzilla
    id 172697
    title Squid doesn't handle headers split across packets
    oval
    AND
    comment Red Hat Enterprise Linux 4 is installed
    oval oval:com.redhat.rhsa:tst:20060016001
    rhsa
    id RHSA-2006:0052
    released 2006-03-07
    severity Moderate
    title RHSA-2006:0052: squid security update (Moderate)
refmap via4
bid 14977
debian DSA-828
fedora FLSA-2006:152809
mandriva MDKSA-2005:181
osvdb 19607
sco SCOSA-2005.49
sectrack 1014920
secunia
  • 16992
  • 17015
  • 17050
  • 17177
  • 19161
  • 19532
sgi 20060401-01-U
suse SUSE-SR:2005:027
ubuntu USN-192-1
xf squid-ntlm-authentication-dos(24282)
Last major update 21-08-2010 - 00:32
Published 30-09-2005 - 14:05
Last modified 10-10-2017 - 21:30
Back to Top