A buffer overflow was found in within the NTLM authentication helper
routine. If Squid is configured to use the NTLM authentication helper,
a remote attacker could potentially execute arbitrary code by sending
an overly long password. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0541 to this issue.
Note: The NTLM authentication helper is not enabled by default in Red
Hat Enterprise Linux 3. Red Hat Enterprise Linux 2.1 is not
vulnerable to this issue as it shipped with a version of Squid which
did not contain the helper.
Users of Squid should update to these erratum packages which contain a
backported patch are not vulnerable to this issue.
An errata has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.