Squid Proxy NTLM Fakeauth_Auth Memory Leak Remote Denial Of Service Vulnerability

Squid Proxy NTLM Fakeauth_Auth Memory Leak Remote Denial Of Service Vulnerability

Squid is reported to be susceptible to a denial-of-service vulnerability in its NTLM authentication module.

This vulnerability presents itself when an attacker sends unspecified NTLM data to Squid. The issue is caused by a memory leak -- memory allocated to store a base64-decoded string is not freed.

Presumably, this issue allows an attacker to cause the NTLM helper application to run out of memory and fail.