FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-0194

This CVE name corresponds to:

Entered: 2004-12-23
Topic: squid -- confusing results on empty acl declarations

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2005-0194
Phase: Assigned (20050131)

Description

Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings.

References

Source Reference
CONFIRM http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch
CONFIRM http://www.squid-cache.org/bugs/show_bug.cgi?id=1166
CONFIRM http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls
CONECTIVA CLA-2005:923
DEBIAN DSA-667
BUGTRAQ 20050221 [USN-84-1] Squid vulnerabilities
FEDORA FLSA-2006:152809
CERT-VN VU#260421