FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

squid -- possible denial of service condition regarding NTLM authentication

Affected packages
squid < 2.5.10_6

Details

VuXML ID 44e7764c-2614-11da-9e1e-c296ac722cb3
Discovery 2005-09-12
Entry 2005-09-15
Modified 2005-10-02

The squid patches page notes:

Squid may crash with the above error [FATAL: Incorrect scheme in auth header] when given certain request sentences.

Workaround: disable NTLM authentication.

[source]

References

Bugtraq ID 14977
CVE Name CVE-2005-2917
URL http://secunia.com/advisories/16992/
URL http://www.squid-cache.org/bugs/show_bug.cgi?id=1391
URL http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-NTLM-scheme_assert

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.