Squid NTLM Component fakeauth Multiple Remote DoS

medium Nessus Plugin ID 16163

Synopsis

The remote service is vulnerable to a denial of service.

Description

The remote Squid server, an open source proxy server, is vulnerable to a denial of service in the fakeauth NTLM authentication module.

Exploitation of this bug can allow remote attackers to deny access to legitimate users.

Squid 2.5*-STABLE versions are reported vulnerable.

Solution

Apply the relevant patch from the vendor advisory.

See Also

http://www.nessus.org/u?af6b5d37

http://www.nessus.org/u?78f21fa1

Plugin Details

Severity: Medium

ID: 16163

File Name: squid_ntlm_fakeauth.nasl

Version: 1.21

Type: remote

Family: Firewalls

Published: 1/13/2005

Updated: 4/24/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2005-2917

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:squid-cache:squid

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 1/8/2005

Reference Information

CVE: CVE-2005-0096, CVE-2005-0097

BID: 12220, 12324