The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Redhat
  • Enterprise Linux
Squid
  • Squid

Configuration 1 [-]

OR cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.3_.stable4:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.3_.stable5:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.3_stable5:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.4_.stable2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.4_.stable6:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.4_.stable7:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.4_stable7:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5_stable9:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.6.stable1:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 3
squid-7:2.5.STABLE3-6.3E.7 cpe:/o:redhat:enterprise_linux:3 RHSA-2005:061 2005-02-11T00:00:00Z
Red Hat Enterprise Linux 4
squid-7:2.5.STABLE6-3.4E.3 cpe:/o:redhat:enterprise_linux:4 RHSA-2005:060 2005-02-15T00:00:00Z
References
Link Providers
http://fedoranews.org/updates/FEDORA--.shtml cve-icon cve-icon
http://secunia.com/advisories/13789 cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-200501-25.xml cve-icon cve-icon
http://securitytracker.com/id?1012818 cve-icon cve-icon
http://www.novell.com/linux/security/advisories/2005_06_squid.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2005-060.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2005-061.html cve-icon cve-icon
http://www.securityfocus.com/bid/12220 cve-icon cve-icon
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth cve-icon cve-icon
http://www.trustix.org/errata/2005/0003/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2005-0097 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11646 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2005-0097 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-01-19T05:00:00

Updated: 2024-08-07T20:57:40.874Z

Reserved: 2005-01-18T00:00:00

Link: CVE-2005-0097

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2005-01-11T05:00:00.000

Modified: 2017-10-11T01:29:50.967

Link: CVE-2005-0097

cve-icon Redhat

Severity :

Publid Date: 2005-01-08T00:00:00Z

Links: CVE-2005-0097 - Bugzilla