__________________________________________________________________
Squid Proxy Cache Security Update Advisory SQUID-2004:2
__________________________________________________________________
Advisory ID: SQUID-2004:2
Date: June 7, 2004
Summary: Buffer overflow bug in 'ntlm_auth'
authentication helper.
Affected versions: Squid-2.5 up to and including 2.5.STABLE5
__________________________________________________________________
/Advisories/SQUID-2004_2.txt
__________________________________________________________________
Problem Description:
Squid supports numerous external authentication helper programs,
which are used to validate credentials taken from HTTP requests.
One of these helper programs, named 'ntlm_auth,' contains a buffer
overflow bug that may allow malicious users to execute arbitrary
code. The affected source code file is
helpers/ntlm_auth/SMB/libntlmssp.c. The affected binary is
named 'ntlm_auth'.
The buffer overflow bug exists because the code uses a fixed-size
character array to hold a password, but does not check the amount
of data copied to that buffer. A user can generate a long password
that either crashes the helper process or causes it to execute
arbitrary code.
Note: the Samba-3 package also includes a program named 'ntlm_auth'
that can be used as a Squid authenticator. The Samba-3 version
of 'ntlm_auth' is not vulnerable to the problem described here
and we recommend using it over the Squid version in any case.
------------------------------------------------------------------
Severity:
If you are using the 'ntlm_auth' helper from Squid, you should
upgrade your installation immediately. This overflow bug may allow
an attacker to execute arbitrary code by overwriting the process
stack. Note that the 'ntlm_auth' helper does not run as root; it
executes under the same userid as the primary Squid process.
__________________________________________________________________
Updated Packages:
The Squid-2.5.STABLE6 release contains a fix for this
problem. You can download the Squid-2.5.STABLE6 release from
ftp://ftp.squid-cache.org/pub/archive/2.5/
/Versions/v2/2.5/
or the mirrors (may take a while before all mirrors are updated).
For a list of mirror sites see
/Download/ftp-mirrors.html
/Download/http-mirrors.html
Individual patches to the mentioned issues can be found from our
patch archive for version Squid-2.5.STABLE5:
/Versions/v2/2.5/bugs/
The patches should also apply with only a minimal effort to
earlier Squid 2.5 versions if required.
If you are using a prepackaged version of Squid then please
refer to the package vendor for availability information on
updated packages.
__________________________________________________________________
Determining if your version is vulnerable:
You are not vulnerable if you are using the 'ntlm_auth' program
that comes with Samba-3. If your squid.conf file has a line that
starts with 'auth_param ntlm program' and also contains the string
'--helper-protocol=' then you are using the Samba-3 version.
You are vulnerable if you have configured Squid to compile and use
the NTLM SMB authentication helper in Squid version 2.5.STABLE5
and earlier. Run the following command to determine which version
of Squid you are using:
squid -v
You can also search for the ntlm_auth binary in the directory where
Squid is installed. By default it will be
/usr/local/squid/libexec/ntlm_auth. Also check your squid.conf
file for the string 'ntlm_auth'. If you have the file installed,
but are not referencing it in squid.conf, then your installation
is not vulnerable. In that case, you should remove the unused
binary to be safe.
If you are using a binary or otherwise pre-packaged version please
verify with your vendor on which versions are affected as some
vendors ship earlier versions with the needed patches applied.
Note that unless you have upgraded to a version released after
2004-06-07 you may be vulnerable to this bug.
__________________________________________________________________
Other versions of Squid:
NTLM support was introduced in Squid-2.5. Earlier versions are
not vulnerable. Even so, versions prior to the 2.5 series are
deprecated; please update to Squid-2.5.STABLE6 if you are using a
version older than 2.5.
These changes have also been made to the Squid-3 source tree.
__________________________________________________________________
Workarounds:
One workaround is to use the 'ntlm_auth' binary from the Samba-3
sources. That version has a somewhat different command line syntax
than Squid's, so be sure to read the Samba-3 documentation for
'ntlm_auth'.
Another workaround is to temporarily disable Squid's 'ntlm_auth'
authenticator until it has been patched. You may need to use
another authentication technique during that time, however.
It is also a good idea to place rules in your http_access list
that deny all requests from outside your organization (e.g., using
the 'src' ACL type). Place these rules before any 'proxy_auth'
rules so that an outsider's request is refused before Squid attempts
to validate it with the 'ntlm_auth' helper.
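The two squid.conf checks described in this advisory (which
'ntlm_auth' helper is configured, and whether outside requests are
refused before any 'proxy_auth' rule) can be automated. The Python
below is an added example, not part of the original advisory or of
Squid; the sample configuration, ACL names and function names are
constructed, and the ordering check is a heuristic that recognises
only a single-condition 'deny !<src ACL>' rule.

```python
# Added example: audit squid.conf text for the two checks in SQUID-2004:2.
# SAMPLE_CONF is constructed; its path and ACL names are illustrative.
SAMPLE_CONF = """\
auth_param ntlm program /usr/local/squid/libexec/ntlm_auth
acl our_networks src 192.0.2.0/24
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access deny !our_networks
http_access deny all
"""

def directives(conf_text):
    """Yield each directive as a list of tokens, skipping comment lines."""
    for line in conf_text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            yield line.split()

def ntlm_helper_kind(conf_text):
    """Classify the NTLM helper: 'samba3', 'squid', 'other' or None."""
    for tok in directives(conf_text):
        if tok[:3] == ["auth_param", "ntlm", "program"]:
            if any("--helper-protocol=" in arg for arg in tok[3:]):
                return "samba3"   # Samba-3 ntlm_auth: not affected
            if any("ntlm_auth" in arg for arg in tok[3:]):
                return "squid"    # Squid's own helper: check the version
            return "other"
    return None                   # NTLM authentication not configured

def outsiders_denied_before_auth(conf_text):
    """False if a proxy_auth rule is reached before 'deny !<src ACL>'."""
    acl_type = {}
    for tok in directives(conf_text):
        if tok[0] == "acl" and len(tok) >= 3:
            acl_type.setdefault(tok[1], tok[2])
        elif tok[0] == "http_access" and len(tok) >= 3:
            conds = tok[2:]
            kinds = [acl_type.get(c.lstrip("!"), "") for c in conds]
            if any(k.startswith("proxy_auth") for k in kinds):
                return False      # the helper is consulted first
            if tok[1] == "deny" and len(conds) == 1 and \
                    conds[0].startswith("!") and kinds[0] == "src":
                return True       # outsiders are refused before any auth
    return True                   # no rule reaches the helper

if __name__ == "__main__":
    print("helper:", ntlm_helper_kind(SAMPLE_CONF))
    print("outsiders denied first:", outsiders_denied_before_auth(SAMPLE_CONF))
```

A result of 'squid' from ntlm_helper_kind still has to be combined
with the output of 'squid -v' to decide whether the installed
version is affected.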
__________________________________________________________________
Contact details for the Squid project:
For installation / upgrade support: Your first point of contact
should be your binary package vendor.
If your install is built from the original Squid sources, then
the squid-users@squid-cache.org mailing list is your primary
support point. (see
for subscription details).
For bug reporting, particularly security related bugs, the
squid-bugs@squid-cache.org mailing list is the appropriate forum.
It's a closed list (though anyone can post) and security related
bug reports are treated in confidence until the impact has been
established. For non security related bugs, the squid bugzilla
database should be used.
__________________________________________________________________
Credits:
The vulnerability was reported by Michael Sutton of iDEFENSE Labs
(www.idefense.com).
Duane Wessels developed the patch for libntlmssp.c.
__________________________________________________________________
Revision history:
2004-06-07 23:00 GMT Initial release
2004-06-13 14:44 GMT Cosmetic update
2010-09-16 07:05 GMT Reference link updates
__________________________________________________________________
END