CVE-2005-0173

NONE EPSS 98.1%
Published May 2, 2005 (21y ago)
Last Modified Jun 16, 2026 (2w ago)

Description

squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.

Threat Intelligence

EPSS Exploit Probability
98.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 38

Vendor  Product  Version       Range
squid   squid    2.0.patch1    any
squid   squid    2.0.patch2    any
squid   squid    2.0.pre1      any
squid   squid    2.0.release   any
squid   squid    2.1.patch1    any
squid   squid    2.1.patch2    any
squid   squid    2.1.pre1      any
squid   squid    2.1.pre3      any
squid   squid    2.1.pre4      any
squid   squid    2.1.release   any
squid   squid    2.2.devel3    any
squid   squid    2.2.devel4    any
squid   squid    2.2.pre1      any
squid   squid    2.2.pre2      any
squid   squid    2.2.stable1   any
squid   squid    2.2.stable2   any
squid   squid    2.2.stable3   any
squid   squid    2.2.stable4   any
squid   squid    2.2.stable5   any
squid   squid    2.3.devel2    any
squid   squid    2.3.devel3    any
squid   squid    2.3.stable1   any
squid   squid    2.3.stable2   any
squid   squid    2.3.stable3   any
squid   squid    2.3.stable4   any
squid   squid    2.3.stable5   any
squid   squid    2.4.stable1   any
squid   squid    2.4.stable2   any
squid   squid    2.4.stable3   any
squid   squid    2.4.stable4   any
squid   squid    2.4.stable6   any
squid   squid    2.4.stable7   any
squid   squid    2.5.stable1   any
squid   squid    2.5.stable2   any
squid   squid    2.5.stable3   any
squid   squid    2.5.stable4   any
squid   squid    2.5.stable5   any
squid   squid    2.5.stable6   any

References 14

  • distro.conectiva.com.br http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923
    Patch
  • fedoranews.org http://fedoranews.org/updates/FEDORA--.shtml
  • marc.info http://marc.info/?l=bugtraq&m=110780531820947&w=2
  • debian.org http://www.debian.org/security/2005/dsa-667
    Patch, Vendor Advisory
  • kb.cert.org http://www.kb.cert.org/vuls/id/924198
    Patch, Third Party Advisory, US Government Resource
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2005:034
  • novell.com http://www.novell.com/linux/security/advisories/2005_06_squid.html
    Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-060.html
    Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-061.html
    Patch, Vendor Advisory
  • securityfocus.com http://www.securityfocus.com/bid/12431
  • squid-cache.org http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces
    Patch
  • squid-cache.org http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch
    Patch
  • squid-cache.org http://www.squid-cache.org/bugs/show_bug.cgi?id=1187
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10251

Remediation

  • distro.conectiva.com.br http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923
    Patch
  • debian.org http://www.debian.org/security/2005/dsa-667
    Patch, Vendor Advisory
  • kb.cert.org http://www.kb.cert.org/vuls/id/924198
    Patch, Third Party Advisory, US Government Resource
  • novell.com http://www.novell.com/linux/security/advisories/2005_06_squid.html
    Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-060.html
    Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-061.html
    Patch, Vendor Advisory
  • squid-cache.org http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces
    Patch
  • squid-cache.org http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch
    Patch