Format String Vulnerability in Stellar-X msntauth Authentication Module in Squid 2.4.STABLE6 and Earlier

Format String Vulnerability in Stellar-X msntauth Authentication Module in Squid 2.4.STABLE6 and Earlier

CVE-2002-0916 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Format string vulnerability in the allowuser code for the Stellar-X msntauth authentication module, as distributed in Squid 2.4.STABLE6 and earlier, allows remote attackers to execute arbitrary code via format strings in the user name, which are not properly handled in a syslog call.

Learn more about our User Device Pen Test.