Bugzilla – Bug 59696
VUL-0: CVE-2004-0832: DoS in squid NTLM authentication
Last modified: 2021-10-16 09:02:00 UTC
Heise reports a DoS in squid's NTLM authentication: http://www1.uk.squid-cache.org/squid/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-ntlm_fetch_string Apparently you have already applied this patch in STABLE. Are released versions not affected, or is it just a different patch for an old issue?
Yes, I updated STABLE recently. :-) According to Heise, all of our maintained versions are affected. According to the specfiles (grep'ed for ntlm :-), 2.5.STABLE1 and later are affected: SuLi 8.2, 8.3, 9.0, 9.1, SLES9, and maybe other products? Bad news: I don't know how important that stuff is, but I don't have enough time to fix it within this week (2004-09-06 - 2004-09-12).
CAN-2004-0832
Patches made and submitted. Patch-management: I don't have a Windows, so I cannot test. Please test any version. TIA. Security-team: please handle rest of process: putonftp, patchinfo, etc.
Created attachment 23302 /work/src/done/PATCHINFO/squid.patch.box 8.2,9.0,9.1
Created attachment 23303 /work/src/done/PATCHINFO/squid.patch.maintained sles9
Reassigned to Ludwig for the ease of tracking this issue.
Packages were approved...
CVE-2004-0832: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)