Vulnerability Details
Squid Proxy NTLM Authentication Buffer Overflow Vulnerability
Vulnerability Summary
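Squid (full name Squid Cache) is proxy server and web cache server software. It provides functions such as caching the World Wide Web, filtering traffic, and proxying Internet access.
The Squid Web proxy lacks sufficient buffer bounds checking when handling NTLM authentication. A remote attacker can exploit this vulnerability to carry out a buffer overflow attack and may be able to execute arbitrary instructions on the system with the privileges of the process.
The Squid Web Proxy cache supports Basic, Digest and NTLM authentication. The vulnerability is in the NTLM authentication helper, in the ntlm_check_auth() function in helpers/ntlm_auth/SMB/libntlmssp.c:

    char *ntlm_check_auth(ntlm_authenticate * auth, int auth_length){
        int rv;
        char pass[25] /*, encrypted_pass[40] */;
        char *domain = credentials;
        ...
        memcpy(pass, tmp.str, tmp.l);
        ...

Because the function lacks sufficient bounds checking on the value copied into the "pass" variable, an overly long password field can cause a buffer overflow and execution of arbitrary instructions. The "tmp.str" and "tmp.l" variables used by memcpy() contain user-supplied data.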
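The missing bounds check, shown beside the unchecked copy as an added example (this is not Squid's code and not the vendor patch). The names lstring_t, copy_pass_unchecked and copy_pass_checked are hypothetical; the 25-byte size comes from the pass[25] declaration in the excerpt, and the inputs in main() are constructed.

```c
#include <stdio.h>
#include <string.h>

#define PASS_BUF_LEN 25   /* size of pass[] in the excerpt above */

/* Hypothetical stand-in for the type of `tmp`: a pointer and a length,
 * both derived from the client's NTLM message. */
typedef struct { const char *str; int l; } lstring_t;

/* Unchecked form, same pattern as the excerpt: tmp.l alone decides how
 * many bytes are written. Only safe if the caller guarantees tmp.l <= 25. */
void copy_pass_unchecked(char *pass, lstring_t tmp)
{
    memcpy(pass, tmp.str, tmp.l);
}

/* Checked form: validate the length against the destination first.
 * Returns 0 on success, -1 if the field must be rejected. */
int copy_pass_checked(char *pass, size_t pass_size, lstring_t tmp)
{
    if (pass == NULL || pass_size == 0 || tmp.str == NULL)
        return -1;
    if (tmp.l < 0)                    /* negative int would convert to a huge size_t */
        return -1;
    if ((size_t)tmp.l >= pass_size)   /* keep one byte for the terminator */
        return -1;
    memcpy(pass, tmp.str, (size_t)tmp.l);
    pass[tmp.l] = '\0';
    return 0;
}

int main(void)
{
    char pass[PASS_BUF_LEN];
    char long_field[64];              /* constructed oversized password field */
    memset(long_field, 'A', sizeof long_field);
    lstring_t ok  = { "secret", 6 };
    lstring_t big = { long_field, (int)sizeof long_field };
    lstring_t neg = { "secret", -1 };

    printf("ok:  %d\n", copy_pass_checked(pass, sizeof pass, ok));
    printf("big: %d\n", copy_pass_checked(pass, sizeof pass, big));
    printf("neg: %d\n", copy_pass_checked(pass, sizeof pass, neg));
    return 0;
}
```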
Vulnerability Advisory
Vendor patches:
MandrakeSoft
------------
MandrakeSoft has released a security advisory (MDKSA-2004:059) and corresponding patches for this issue:
MDKSA-2004:059:Updated squid packages fix remotely exploitable vulnerability
Link: http://www.linux-mandrake.com/en/security/2004/2004-059.php
Patch download:
Updated Packages:
Mandrakelinux 10.0:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/squid-2.5.STABLE4-1.2.100mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/SRPMS/squid-2.5.STABLE4-1.2.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/squid-2.5.STABLE4-1.2.100mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/SRPMS/squid-2.5.STABLE4-1.2.100mdk.src.rpm
Mandrakelinux 9.1:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/squid-2.5.STABLE1-7.2.91mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/SRPMS/squid-2.5.STABLE1-7.2.91mdk.src.rpm
Mandrakelinux 9.1/PPC:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/squid-2.5.STABLE1-7.2.91mdk.ppc.rpm
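The updated packages above can also be downloaded from any of the mirror FTP servers listed at the following address:
http://www.mandrakesecure.net/en/ftp.php
S.u.S.E.
--------
S.u.S.E. has released a security advisory (SuSE-SA:2004:016) and corresponding patches for this issue: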
SuSE-SA:2004:016:squid
Link:
Patch download:
SuSE Patch squid-2.4.STABLE6-9.i386.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/squid-2.4.STABLE6-9.i386.patch.rpm
Intel i386 Platform
SuSE Upgrade squid-2.5.STABLE5-42.9.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/squid-2.5.STABLE5-42.9.i586.rpm
Intel i386 Platform
SuSE Patch squid-2.5.STABLE5-42.9.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/squid-2.5.STABLE5-42.9.i586.patch.rpm
Intel i386 Platform
SuSE Upgrade squid-2.5.STABLE5-42.9.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/squid-2.5.STABLE5-42.9.x86_64.rpm
Opteron x86_64 Platform
SuSE Patch squid-2.5.STABLE5-42.9.x86_64.patch.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/squid-2.5.STABLE5-42.9.x86_64.patch.rpm
Opteron x86_64 Platform
SuSE Upgrade squid-2.5.STABLE3-110.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/squid-2.5.STABLE3-110.i586.rpm
Intel i386 Platform
SuSE Patch squid-2.5.STABLE3-110.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/squid-2.5.STABLE3-110.i586.patch.rpm
Intel i386 Platform
SuSE Upgrade squid-2.5.STABLE3-110.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/squid-2.5.STABLE3-110.x86_64.rpm
Opteron x86_64 Platform
SuSE Patch squid-2.5.STABLE3-110.x86_64.patch.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/squid-2.5.STABLE3-110.x86_64.patch.rpm
Opteron x86_64 Platform
Squid Web Proxy Cache 2.5 STABLE1:
Squid Patch libntlmssp.c.patch
http://www.squid-cache.org/~wessels/patch/libntlmssp.c.patch
SuSE Upgrade squid-2.5.STABLE1-98.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/squid-2.5.STABLE1-98.i586.rpm
Intel i386 Platform
SuSE Patch squid-2.5.STABLE1-98.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/squid-2.5.STABLE1-98.i586.patch.rpm
Intel i386 Platform
Squid
-----
The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's site:
Squid Patch libntlmssp.c.patch
http://www.squid-cache.org/~wessels/patch/libntlmssp.c.patch
Reference URLs
Source: XF Name: squid-ntlm-bo(16360) Link: http://xforce.iss.net/xforce/xfdb/16360
Source: REDHAT Name: RHSA-2004:242 Link: http://www.redhat.com/support/errata/RHSA-2004-242.html
Source: www.idefense.com Link: http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities
Source: GENTOO Name: GLSA-200406-13 Link: http://www.gentoo.org/security/en/glsa/glsa-200406-13.xml
Source: TRUSTIX Name: 2004-0033 Link: http://www.trustix.net/errata/2004/0033/
Source: OVAL Name: oval:org.mitre.oval:def:10722 Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10722
Source: SGI Name: 20040604-01-U Link: ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
Source: BID Name: 10500 Link: http://www.securityfocus.com/bid/10500
Source: FEDORA Name: FLSA-2006:152809 Link: http://fedoranews.org/updates/FEDORA--.shtml
Source: US Government Resource: oval:org.mitre.oval:def:980 Name: oval:org.mitre.oval:def:980 Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:980
Affected Entities
- National_science_foundation Squid_web_proxy_cache:3_pre
- National_science_foundation Squid_web_proxy_cache:2.5_stable
Patches
None available