
Test ID: 1.3.6.1.4.1.25623.1.0.148788
Category: Buffer overflow
Title: Squid Buffer Overflow Vulnerability (SQUID-2022:2)
Summary: Squid is prone to a buffer overflow vulnerability in SSPI and SMB authentication.
Description:
Summary:
Squid is prone to a buffer overflow vulnerability in SSPI and
SMB authentication.

Vulnerability Insight:
Due to incorrect integer overflow protection, the Squid SSPI and
SMB authentication helpers are vulnerable to a buffer overflow attack.

Vulnerability Impact:
This problem allows a remote client to perform a denial of
service attack when Squid is configured to use NTLM or Negotiate authentication with one of the
vulnerable helpers.

This problem allows a remote client to extract sensitive information from machine memory when
Squid is configured to use NTLM or Negotiate authentication with one of the vulnerable helpers.
The scope of this information includes user credentials in decrypted forms, and also arbitrary
memory areas beyond Squid and the helper itself.

This attack is limited to authentication helpers built using the libntlmauth library shipped by
Squid.

Affected Software/OS:
Squid version 2.5.STABLE1 through 2.7.STABLE9, 3.x through
3.5.28, 4.x through 4.17 and 5.x through 5.6.

Solution:
Update to version 5.7 or later.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:N/A:N

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2022-41318
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_2.patch
http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_2.patch
https://github.com/squid-cache/squid/security/advisories/GHSA-394c-rr7q-6g78
https://www.openwall.com/lists/oss-security/2022/09/23/2
Copyright: Copyright (C) 2022 Greenbone Networks GmbH





© 1998-2025 E-Soft Inc. All rights reserved.