"Slivarez !" <slivarez@list.ru> writes:
> Hi all!
>
> There is information about insecurity in ntml authentication (in
> squid-2.5.STABLE* and even in 3.0). They say that insecurity is in
> function ntlm_check_auth() of module libntlmssp. Attaking user can enter
> too long password, that will result overflow and gives possibility to
> execute free-hand code. Is it real? Will it be fixed in
> Squid-2.5.STABLE6?
Can you post the analisys of the problem or point to an URL? I have seen no
notification of it.
Thanks.
-- kinkie (kinkie-squid [at] kinkie [dot] it) Random fortune, unrelated to the message: A gourmet who thinks of calories is like a tart that looks at her watch. -- James BeardReceived on Thu Jun 10 2004 - 02:29:46 MDT
This archive was generated by hypermail pre-2.1.9 : Wed Jun 30 2004 - 12:00:03 MDT