DEBIAN-CVE-2004-0541

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/DEBIAN-CVE-2004-0541
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2004-0541.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2004-0541
Upstream
Published
2004-08-06T04:00:00Z
Modified
2025-09-19T06:10:58Z
Summary
[none]
Details

Buffer overflow in the ntlmcheckauth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable).

References

Affected packages

Debian:11 / squid

Package

Name
squid
Purl
pkg:deb/debian/squid?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.5.5-5

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / squid

Package

Name
squid
Purl
pkg:deb/debian/squid?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.5.5-5

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / squid

Package

Name
squid
Purl
pkg:deb/debian/squid?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.5.5-5

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / squid

Package

Name
squid
Purl
pkg:deb/debian/squid?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.5.5-5

Ecosystem specific 

{
    "urgency": "not yet assigned"
}