Re: [squid-users] NTLM Authentication Helper Buffer Overflow Vulnerability

From: Emilio Casbas <ecasbas@dont-contact.us>
Date: Thu, 10 Jun 2004 10:49:23 +0200

victor wrote:

> http://marc.free.net.ph/message/20040608.190021.56abed9f.html
>
> From the article it sgugest disableing the feature will plug the hole,
> I think the NTLM handler is not enabled by default correct? If I
> didn't complie with NTLM handler enabled, does it mean I'm safe?
>
> Tor.
>

In some distributions, for example Suse,
Mandrake, the NTLM authentication is enabled by default
in the squid package.
The recommended is compile from the source
code with the options that you will need.
There is a patch for this issue:
http://www.squid-cache.org/~wessels/patch/libntlmssp.c.patch

Emilio C.
Received on Thu Jun 10 2004 - 02:49:47 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Jul 01 2004 - 12:00:02 MDT