Squid MSNT Auth Helper Buffer Overflow Vulnerability

Solution:
SuSE updates are available. Reportedly, the vulnerable feature is not included in the default SuSE package.

For this vulnerability to be present, squid.conf contains the following entry:
authenticate_program /usr/local/squid/libexec/squid/msnt_auth

Additionally, allowusers and denyusers files must be used for access control.

The vendor has also made fixes available which address this issue, and users are advised to upgrade.

FreeBSD has released a Security Notice FreeBSD-SN-02:05. Users of FreeBSD systems are strongly urged to upgrade their ports tree to fix various reported issues. Further information can be found in the referenced Security Notice.

SCO has released advisory CSSA-2003-SCO.9 to address this issue.


National Science Foundation Squid Web Proxy 2.2

National Science Foundation Squid Web Proxy 2.2 STABLE5

National Science Foundation Squid Web Proxy 2.3 STABLE3

National Science Foundation Squid Web Proxy 2.3 STABLE4

National Science Foundation Squid Web Proxy 2.3

National Science Foundation Squid Web Proxy 2.3 STABLE5

National Science Foundation Squid Web Proxy 2.3 STABLE2

National Science Foundation Squid Web Proxy 2.3 STABLE4-11

National Science Foundation Squid Web Proxy 2.3.1

National Science Foundation Squid Web Proxy 2.4 STABLE2-3

National Science Foundation Squid Web Proxy 2.4 STABLE4

National Science Foundation Squid Web Proxy 2.4 STABLE6

National Science Foundation Squid Web Proxy 2.4 STABLE2

National Science Foundation Squid Web Proxy 2.4 PRE-STABLE

National Science Foundation Squid Web Proxy 2.4 STABLE2-2

National Science Foundation Squid Web Proxy 2.4 STABLE3

National Science Foundation Squid Web Proxy 2.4 DEVEL4

National Science Foundation Squid Web Proxy 2.4 DEVEL2

National Science Foundation Squid Web Proxy 2.4

National Science Foundation Squid Web Proxy 2.4 PRE-STABLE2

National Science Foundation Squid Web Proxy 2.4 STABLE1


 

Privacy Statement
Copyright 2010, SecurityFocus