CVE-2005-0173

Published: May 2, 2005Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.

Affected (38)

Products: Squid: Squid

1 product

Configuration A

38 vulnerable

Vulnerable Software	Affected Versions
Squid Squid	Version 2.0.patch1
Squid Squid	Version 2.0.patch2
Squid Squid	Version 2.0.pre1
Squid Squid	Version 2.0.release
Squid Squid	Version 2.1.patch1
Squid Squid	Version 2.1.patch2
Squid Squid	Version 2.1.pre1
Squid Squid	Version 2.1.pre3
Squid Squid	Version 2.1.pre4
Squid Squid	Version 2.1.release
Squid Squid	Version 2.2.devel3
Squid Squid	Version 2.2.devel4
Squid Squid	Version 2.2.pre1
Squid Squid	Version 2.2.pre2
Squid Squid	Version 2.2.stable1
Squid Squid	Version 2.2.stable2
Squid Squid	Version 2.2.stable3
Squid Squid	Version 2.2.stable4
Squid Squid	Version 2.2.stable5
Squid Squid	Version 2.3.devel2
Squid Squid	Version 2.3.devel3
Squid Squid	Version 2.3.stable1
Squid Squid	Version 2.3.stable2
Squid Squid	Version 2.3.stable3
Squid Squid	Version 2.3.stable4
Squid Squid	Version 2.3.stable5
Squid Squid	Version 2.4.stable1
Squid Squid	Version 2.4.stable2
Squid Squid	Version 2.4.stable3
Squid Squid	Version 2.4.stable4
Squid Squid	Version 2.4.stable6
Squid Squid	Version 2.4.stable7
Squid Squid	Version 2.5.stable1
Squid Squid	Version 2.5.stable2
Squid Squid	Version 2.5.stable3
Squid Squid	Version 2.5.stable4
Squid Squid	Version 2.5.stable5
Squid Squid	Version 2.5.stable6

References (28)

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923

Source: cve@mitre.org

Patch

http://fedoranews.org/updates/FEDORA--.shtml

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=110780531820947&w=2

Source: cve@mitre.org

http://www.debian.org/security/2005/dsa-667

Source: cve@mitre.org

PatchVendor Advisory

http://www.kb.cert.org/vuls/id/924198

Source: cve@mitre.org

PatchThird Party AdvisoryUS Government Resource

http://www.mandriva.com/security/advisories?name=MDKSA-2005:034

Source: cve@mitre.org

http://www.novell.com/linux/security/advisories/2005_06_squid.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.redhat.com/support/errata/RHSA-2005-060.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.redhat.com/support/errata/RHSA-2005-061.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/bid/12431

Source: cve@mitre.org

http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces

Source: cve@mitre.org

Patch

http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch

Source: cve@mitre.org

Patch

http://www.squid-cache.org/bugs/show_bug.cgi?id=1187

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10251

Source: cve@mitre.org

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://fedoranews.org/updates/FEDORA--.shtml

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=110780531820947&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2005/dsa-667

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.kb.cert.org/vuls/id/924198

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryUS Government Resource

http://www.mandriva.com/security/advisories?name=MDKSA-2005:034

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.novell.com/linux/security/advisories/2005_06_squid.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.redhat.com/support/errata/RHSA-2005-060.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.redhat.com/support/errata/RHSA-2005-061.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/12431

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.squid-cache.org/bugs/show_bug.cgi?id=1187

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10251

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.