Squid Proxy NTLM Authentication Buffer Overflow Vulnerability

Vulnerability Details

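Vulnerability Summary

Squid (full name Squid Cache) is a proxy server and web cache server. It provides caching of World Wide Web content, traffic filtering, and proxied Internet access.
The Squid web proxy does not perform sufficient bounds checking on a buffer when processing NTLM authentication. A remote attacker can exploit this to cause a buffer overflow and may be able to execute arbitrary commands on the system with the privileges of the process.
The Squid Web Proxy Cache supports Basic, Digest and NTLM authentication. The vulnerability is in the NTLM authentication helper, in the ntlm_check_auth() function in helpers/ntlm_auth/SMB/libntlmssp.c: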
    char *ntlm_check_auth(ntlm_authenticate * auth, int auth_length)
    {
        int rv;
        char pass[25] /*, encrypted_pass[40] */;
        char *domain = credentials;
        …
        memcpy(pass, tmp.str, tmp.l);
        …
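The function does not sufficiently bounds-check the value copied into the 'pass' variable, so an overly long password field can overflow the buffer and lead to execution of arbitrary commands. The 'tmp.str' and 'tmp.l' variables used by memcpy() contain user-supplied data.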
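
The missing check, written out as an added example (not Squid's code and not the vendor patch): a field taken from a client message is first range-checked against the message, then length-checked against the 25-byte destination before memcpy(). The names fetch_field, copy_pass and demo, the lstring layout and the sample message are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define PASS_BUF 25  /* size of pass[] in the snippet quoted above */

/* Hypothetical stand-in for the helper's length-prefixed string (tmp.str / tmp.l). */
typedef struct { const char *str; int l; } lstring;

/* Resolve a (length, offset) descriptor against the received message.
 * Returns {NULL, -1} if the field is not fully inside the message. */
static lstring fetch_field(const uint8_t *msg, size_t msg_len,
                           uint16_t len, uint32_t off)
{
    lstring out = { NULL, -1 };
    if (off > msg_len || len > msg_len - off)   /* overflow-safe range check */
        return out;
    out.str = (const char *)msg + off;
    out.l = len;
    return out;
}

/* Bounded form of memcpy(pass, tmp.str, tmp.l):
 * returns 0 on success, -1 if the field is missing or does not fit. */
static int copy_pass(char pass[PASS_BUF], lstring tmp)
{
    if (tmp.str == NULL || tmp.l < 0 || (size_t)tmp.l >= PASS_BUF)
        return -1;                  /* reject rather than truncate */
    memcpy(pass, tmp.str, (size_t)tmp.l);
    pass[tmp.l] = '\0';             /* room for the terminator is guaranteed */
    return 0;
}

/* Constructed sample: a 40-byte message; the caller chooses the
 * client-controlled length and offset of the password field. */
static int demo(uint16_t len, uint32_t off)
{
    uint8_t msg[40];
    char pass[PASS_BUF];
    memset(msg, 'A', sizeof msg);
    return copy_pass(pass, fetch_field(msg, sizeof msg, len, off));
}
```

Rejecting an oversized field, instead of truncating it, keeps the helper from authenticating against a partial value.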

Vulnerability Advisory

Vendor patches:
MandrakeSoft
------------
MandrakeSoft has released a security advisory (MDKSA-2004:059) and corresponding patches for this issue:

MDKSA-2004:059:Updated squid packages fix remotely exploitable vulnerability

Link: http://www.linux-mandrake.com/en/security/2004/2004-059.php

Patch download:

Updated Packages:

Mandrakelinux 10.0:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/squid-2.5.STABLE4-1.2.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/SRPMS/squid-2.5.STABLE4-1.2.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/squid-2.5.STABLE4-1.2.100mdk.amd64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/SRPMS/squid-2.5.STABLE4-1.2.100mdk.src.rpm

Mandrakelinux 9.1:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/squid-2.5.STABLE1-7.2.91mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/SRPMS/squid-2.5.STABLE1-7.2.91mdk.src.rpm

Mandrakelinux 9.1/PPC:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/squid-2.5.STABLE1-7.2.91mdk.ppc.rpm

The updated packages above can also be downloaded from any of the mirror FTP servers listed at:

http://www.mandrakesecure.net/en/ftp.php
S.u.S.E.
--------
S.u.S.E. has released a security advisory (SuSE-SA:2004:016) and corresponding patches for this issue:

SuSE-SA:2004:016:squid

Link:

Patch download:

SuSE Patch squid-2.4.STABLE6-9.i386.patch.rpm

ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/squid-2.4.STABLE6-9.i386.patch.rpm

Intel i386 Platform

SuSE Upgrade squid-2.5.STABLE5-42.9.i586.rpm

ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/squid-2.5.STABLE5-42.9.i586.rpm

Intel i386 Platform

SuSE Patch squid-2.5.STABLE5-42.9.i586.patch.rpm

ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/squid-2.5.STABLE5-42.9.i586.patch.rpm

Intel i386 Platform

SuSE Upgrade squid-2.5.STABLE5-42.9.x86_64.rpm

ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/squid-2.5.STABLE5-42.9.x86_64.rpm

Opteron x86_64 Platform

SuSE Patch squid-2.5.STABLE5-42.9.x86_64.patch.rpm

ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/squid-2.5.STABLE5-42.9.x86_64.patch.rpm

Opteron x86_64 Platform

SuSE Upgrade squid-2.5.STABLE3-110.i586.rpm

ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/squid-2.5.STABLE3-110.i586.rpm

Intel i386 Platform

SuSE Patch squid-2.5.STABLE3-110.i586.patch.rpm

ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/squid-2.5.STABLE3-110.i586.patch.rpm

Intel i386 Platform

SuSE Upgrade squid-2.5.STABLE3-110.x86_64.rpm

ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/squid-2.5.STABLE3-110.x86_64.rpm

Opteron x86_64 Platform

SuSE Patch squid-2.5.STABLE3-110.x86_64.patch.rpm

ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/squid-2.5.STABLE3-110.x86_64.patch.rpm

Opteron x86_64 Platform

Squid Web Proxy Cache 2.5 STABLE1:

Squid Patch libntlmssp.c.patch

http://www.squid-cache.org/~wessels/patch/libntlmssp.c.patch

SuSE Upgrade squid-2.5.STABLE1-98.i586.rpm

ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/squid-2.5.STABLE1-98.i586.rpm

Intel i386 Platform

SuSE Patch squid-2.5.STABLE1-98.i586.patch.rpm

ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/squid-2.5.STABLE1-98.i586.patch.rpm

Intel i386 Platform
Squid
-----
The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:

Squid Patch libntlmssp.c.patch

http://www.squid-cache.org/~wessels/patch/libntlmssp.c.patch

References

Source: XF
Name: squid-ntlm-bo(16360)
Link: http://xforce.iss.net/xforce/xfdb/16360

Source: REDHAT
Name: RHSA-2004:242
Link: http://www.redhat.com/support/errata/RHSA-2004-242.html

Source: www.idefense.com
Link: http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities

Source: GENTOO
Name: GLSA-200406-13
Link: http://www.gentoo.org/security/en/glsa/glsa-200406-13.xml

Source: TRUSTIX
Name: 2004-0033
Link: http://www.trustix.net/errata/2004/0033/

Source: OVAL
Name: oval:org.mitre.oval:def:10722
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10722

Source: SGI
Name: 20040604-01-U
Link: ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc

Source: BID
Name: 10500
Link: http://www.securityfocus.com/bid/10500

Source: FEDORA
Name: FLSA-2006:152809
Link: http://fedoranews.org/updates/FEDORA–.shtml

Source: US Government Resource: oval:org.mitre.oval:def:980
Name: oval:org.mitre.oval:def:980
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:980
