PT-2004-1894 · Squid · Squid+1
Published: 2004-09-28 · Updated: 2017-10-11 · CVE-2004-0832
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions:
Squid versions 2.5.6 and earlier
Description:
The issue concerns the ntlm_fetch_string and ntlm_get_string functions in Squid when NTLM authentication is enabled. It allows remote attackers to cause a denial of service, resulting in an application crash. This is achieved by sending an NTLMSSP packet that causes a negative value to be passed to memcpy.
Recommendations:
For Squid versions 2.5.6 and earlier, consider disabling NTLM authentication until a patch is available.
As a temporary workaround, restrict access to the ntlm_fetch_string and ntlm_get_string functions to minimize the risk of exploitation.
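The description above comes down to a length taken from the packet reaching memcpy without a sign or bounds check. The following C code is an added example, not Squid's code and not part of the original advisory: it reads an NTLMSSP security buffer with unsigned lengths and rejects descriptors that point outside the message. The helper names (length_as_signed, fetch_string_checked) and the sample messages are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* NTLMSSP security buffer: 16-bit length, 16-bit allocated size,
 * 32-bit offset from the start of the message, all little-endian. */
#define SECBUF_SIZE 8

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Constructed samples (not captured traffic): descriptor at offset 0, then data. */
static const uint8_t good_msg[] = {5,0, 5,0, 8,0,0,0, 'P','R','O','X','Y'};
static const uint8_t bad_msg[]  = {0xFF,0xFF, 0xFF,0xFF, 8,0,0,0, 'A'};
uint8_t out_buf[32];

/* The length as seen through a signed 16-bit field: wire values >= 0x8000
 * go negative, and a negative count becomes huge as memcpy's size_t. */
int length_as_signed(const uint8_t *secbuf) { return (int16_t)rd16(secbuf); }

/* Hardened fetch (hypothetical helper): copies the field described by the
 * security buffer at hdr_off into out. Returns bytes copied, or -1 if the
 * descriptor or the data it points to lies outside the message. */
int fetch_string_checked(const uint8_t *msg, size_t msg_len, size_t hdr_off,
                         uint8_t *out, size_t out_cap) {
    if (hdr_off > msg_len || msg_len - hdr_off < SECBUF_SIZE)
        return -1;                          /* descriptor itself truncated */
    uint16_t len = rd16(msg + hdr_off);     /* unsigned: never negative */
    uint32_t off = rd32(msg + hdr_off + 4);
    if (off > msg_len || len > msg_len - off)
        return -1;                          /* data runs past the packet */
    if (len > out_cap)
        return -1;                          /* would overflow destination */
    memcpy(out, msg + off, len);
    return (int)len;
}

int main(void) {
    printf("signed view of bad length: %d\n", length_as_signed(bad_msg));
    printf("good message: %d\n",
           fetch_string_checked(good_msg, sizeof good_msg, 0, out_buf, sizeof out_buf));
    printf("bad message:  %d\n",
           fetch_string_checked(bad_msg, sizeof bad_msg, 0, out_buf, sizeof out_buf));
    return 0;
}
```

The subtraction form of each comparison (len > msg_len - off rather than off + len > msg_len) keeps the check itself from overflowing.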
Related Identifiers
Affected Products
Squid
Squid Cache