
Test ID: 1.3.6.1.4.1.25623.1.0.148788
Category: Buffer overflow
Title: Squid Buffer Overflow Vulnerability (SQUID-2022:2)
Summary: Squid is prone to a buffer overflow vulnerability in SSPI and SMB authentication.
Description:
Summary:
Squid is prone to a buffer overflow vulnerability in SSPI and
SMB authentication.

Vulnerability Insight:
Due to incorrect integer overflow protection, the Squid SSPI and
SMB authentication helpers are vulnerable to a buffer overflow attack.

Vulnerability Impact:
This problem allows a remote client to perform a denial of
service attack when Squid is configured to use NTLM or Negotiate authentication with one of the
vulnerable helpers.

This problem allows a remote client to extract sensitive information from machine memory when
Squid is configured to use NTLM or Negotiate authentication with one of the vulnerable helpers.
The scope of this information includes user credentials in decrypted forms, and also arbitrary
memory areas beyond Squid and the helper itself.

This attack is limited to authentication helpers built using the libntlmauth library shipped by
Squid.

Affected Software/OS:
Squid version 2.5.STABLE1 through 2.7.STABLE9, 3.x through
3.5.28, 4.x through 4.17 and 5.x through 5.6.

Solution:
Update to version 5.7 or later.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:N/A:N

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2022-41318
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_2.patch
http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_2.patch
https://github.com/squid-cache/squid/security/advisories/GHSA-394c-rr7q-6g78
https://www.openwall.com/lists/oss-security/2022/09/23/2
Copyright: Copyright (C) 2022 Greenbone Networks GmbH

© 1998-2025 E-Soft Inc. All rights reserved.