Red Hat Bugzilla – Bug 125595
CAN-2004-0541 Squid NTLM authentication helper overflow
Last modified: 2014-08-31 19:26:16 EDT
A buffer overflow was found in within the NTLM authentication helper
routine. If Squid is configured to use the NTLM authentication
helper, a remote attacker could potentially execute arbitrary code by
sending an overly long password. The Common Vulnerabilities and
(cve.mitre.org) has assigned the name CAN-2004-0541 to this issue.
Note: The NTLM authentication helper is not enabled by default in
Note; This is a stack buffer overflow and exec-shield will help
mitigate the risk of this being exploited in Fedora Core.