FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-0173

This CVE name corresponds to:

Entered Topic
2005-01-19 squid -- no sanity check of usernames in squid_ldap_auth

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2005-0173
Phase Assigned (20050127)

Description

squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.

References

Source Reference
CONFIRM http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces
CONFIRM http://www.squid-cache.org/bugs/show_bug.cgi?id=1187
CONFIRM http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch
CONECTIVA CLA-2005:923
DEBIAN DSA-667
FEDORA FLSA-2006:152809
MANDRAKE MDKSA-2005:034
REDHAT RHSA-2005:060
REDHAT RHSA-2005:061
SUSE SUSE-SA:2005:006
CERT-VN VU#924198
BUGTRAQ 20050207 [USN-77-1] Squid vulnerabilities
BID 12431
OVAL oval:org.mitre.oval:def:10251