Published: 02/05/2005 Updated: 11/10/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

squid_ldap_auth in Squid 2.5 and previous versions allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.

Vulnerable Product	Search on Vulmon	Subscribe to Product
squid squid 2.1.patch2
squid squid 2.1.pre1
squid squid 2.2.pre2
squid squid 2.2.stable1
squid squid 2.3.stable2
squid squid 2.3.stable3
squid squid 2.4.stable6
squid squid 2.4.stable7
squid squid 2.0.patch2
squid squid 2.0.pre1
squid squid 2.1.release
squid squid 2.2.devel3
squid squid 2.2.stable4
squid squid 2.2.stable5
squid squid 2.4.stable1
squid squid 2.4.stable2
squid squid 2.5.stable3
squid squid 2.5.stable4
squid squid 2.0.release
squid squid 2.1.patch1
squid squid 2.2.devel4
squid squid 2.2.pre1
squid squid 2.3.devel2
squid squid 2.3.devel3
squid squid 2.3.stable1
squid squid 2.4.stable3
squid squid 2.4.stable4
squid squid 2.5.stable5
squid squid 2.5.stable6
squid squid 2.0.patch1
squid squid 2.1.pre3
squid squid 2.1.pre4
squid squid 2.2.stable2
squid squid 2.2.stable3
squid squid 2.3.stable4
squid squid 2.3.stable5
squid squid 2.5.stable1
squid squid 2.5.stable2

A possible authentication bypass was discovered in the LDAP authentication backend LDAP ignores leading and trailing whitespace in search filters This could possibly be abused to bypass explicit access controls or confuse accounting when using several variants of the login name (CAN-2005-0173) ...

Synopsis squid security update Type/Severity Security Advisory: Important Topic An updated Squid package that fixes several security issues is now available Description Squid is a full-featured Web proxy cacheA buffer overflow flaw was found in the Gopher relay parser This bugcould allow ...

Synopsis squid security update Type/Severity Security Advisory: Important Topic An updated Squid package that fixes several security issues is now availableThis update has been rated as having important security impact by the Red HatSecurity Response Team Description Squid is a full-featu ...

NVD-CWE-Other http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces http://www.squid-cache.org/bugs/show_bug.cgi?id=1187 http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923 http://www.debian.org/security/2005/dsa-667 http://www.redhat.com/support/errata/RHSA-2005-060.html http://www.redhat.com/support/errata/RHSA-2005-061.html http://www.novell.com/linux/security/advisories/2005_06_squid.html http://www.kb.cert.org/vuls/id/924198 http://www.securityfocus.com/bid/12431 http://fedoranews.org/updates/FEDORA--.shtml http://www.mandriva.com/security/advisories?name=MDKSA-2005:034 http://marc.info/?l=bugtraq&m=110780531820947&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10251 https://usn.ubuntu.com/77-1/https://nvd.nist.gov https://www.kb.cert.org/vuls/id/924198

CVE-2005-0173

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect