Re: Squid-2.5.STABLE6

From: Kinkie <kinkie-dev@dont-contact.us>
Date: Thu, 10 Jun 2004 10:36:14 +0200

Kinkie <kinkie-dev@kinkie.it> writes:

> "Slivarez !" <slivarez@list.ru> writes:
>
>> Hi all!
>>
>> There is information about insecurity in ntml authentication (in
>> squid-2.5.STABLE* and even in 3.0). They say that insecurity is in
>> function ntlm_check_auth() of module libntlmssp. Attaking user can enter
>> too long password, that will result overflow and gives possibility to
>> execute free-hand code. Is it real? Will it be fixed in
>> Squid-2.5.STABLE6?
>
>
> Can you post the analisys of the problem or point to an URL? I have seen no
> notification of it.

Please disregard this request, I've seen the advisory and that Duane
has already fixed it.

-- 
	kinkie (kinkie-squid [at] kinkie [dot] it)
	Random fortune, unrelated to the message:
The reason that every major university maintains a department of
mathematics is that it's cheaper than institutionalizing all those people.
Received on Thu Jun 10 2004 - 02:36:15 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Jun 30 2004 - 12:00:03 MDT