SCO Security Advisory - store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING. The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests. Squid versions 2.5.STABLE10 and below, while performing NTLM authentication, do not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).
f0587c8f5d8323fec288e1f850d67e518ab135abbba7b94636cf8b47c40315bc
Ubuntu Security Notice USN-192-1 - Mike Diggins discovered a remote Denial of Service vulnerability in Squid. Sending specially crafted NTML authentication requests to Squid caused the server to crash.
6351468586402308f11c910517aa06ab3eea37233a1683741efe82c0e6114fb0
Debian Security Advisory DSA 828-1 - Upstream developers of squid, the popular WWW proxy cache, have discovered that changes in the authentication scheme are not handled properly when given certain request sequences while NTLM authentication is in place, which may cause the daemon to restart.
7ef499a1227798c1d997c07bd6e5bc0392caa2dab911610da22c6d17215aaa8e