Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2004-0541

Published: 06/08/2004 Updated: 03/05/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to National Science Foundation

Vulnerability Summary

Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote malicious users to execute arbitrary code via a long password ("pass" variable).

Vulnerable Product Search on Vulmon Subscribe to Product

national science foundation squid web proxy cache 2.5_stable

national science foundation squid web proxy cache 3_pre

Vendor Advisories

Red Hat: squid security update
Synopsis squid security update Type/Severity Security Advisory: Moderate Topic An updated squid package that fixes a security vulnerability inthe NTLM authentication helper is now available Description Squid is a full-featured Web proxy cacheA buffer overflow was found within the NTLM aut ...

Exploits

Exploit DB: Squid 2.5.x/3.x - NTLM Buffer Overflow (Metasploit)
## # $Id$ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote include Ms ...
Exploit DB: Squid - NTLM (Authenticated) Overflow (Metasploit)
## # $Id: squid_ntlm_authenticaterb 9179 2010-04-30 08:40:19Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core ...

References

NVD-CWE-Otherhttp://www.gentoo.org/security/en/glsa/glsa-200406-13.xmlhttp://www.redhat.com/support/errata/RHSA-2004-242.htmlhttp://www.idefense.com/application/poi/display?id=107&type=vulnerabilitieshttp://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:059http://www.trustix.net/errata/2004/0033/ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.aschttp://fedoranews.org/updates/FEDORA--.shtmlhttp://www.securityfocus.com/bid/10500https://exchange.xforce.ibmcloud.com/vulnerabilities/16360https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A980https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10722https://access.redhat.com/errata/RHSA-2004:242https://nvd.nist.govhttps://www.exploit-db.com/exploits/9951/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook