Re: Squid-2.5.STABLE6

From: Slivarez ! <slivarez@dont-contact.us>
Date: Thu, 10 Jun 2004 10:07:53 +0400

Hi all!

There is information about insecurity in ntml authentication (in squid-2.5.STABLE* and even in 3.0). They say that insecurity is in function ntlm_check_auth() of module libntlmssp. Attaking user can enter too long password, that will result overflow and gives possibility to execute free-hand code. Is it real? Will it be fixed in Squid-2.5.STABLE6?

Regards, Slivarez
Received on Thu Jun 10 2004 - 00:07:54 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Jun 30 2004 - 12:00:03 MDT