CVE-2004-0832

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy.

Las funciones ntlm_fetch_string y ntlm_get_string en Squid 2.5.6 y anteriores, con autenticación NTLM activada, permite a atacantes remotos causar una denegación de servicio (caída de aplicación) mediante un paquete NTLMSSP que hace que se pase un valor negativo a memcpy.

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2004-09-08 CVE Reserved
2004-09-28 CVE Published
2023-09-05 EPSS Updated
2024-08-08 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (11)

URL	Tag	Source
http://www.squid-cache.org/bugs/show_bug.cgi?id=1045	X_refsource_confirm
http://www1.uk.squid-cache.org/squid/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-ntlm_fetch_string	X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/17218	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10489	Signature

URL	Date	SRC

URL	Date	SRC
http://www.gentoo.org/security/en/glsa/glsa-200409-04.xml	2017-10-11
http://www.securityfocus.com/bid/11098	2017-10-11
http://www.trustix.org/errata/2004/0047	2017-10-11

URL	Date	SRC
http://fedoranews.org/updates/FEDORA--.shtml	2017-10-11
http://www.mandriva.com/security/advisories?name=MDKSA-2004:093	2017-10-11
https://access.redhat.com/security/cve/CVE-2004-0832	2004-09-30
https://bugzilla.redhat.com/show_bug.cgi?id=1617307	2004-09-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Squid Search vendor "Squid"		Squid Search vendor "Squid" for product "Squid"				<= 2.5.6 Search vendor "Squid" for product "Squid" and version " <= 2.5.6"		-		Affected