7.5

CVE-2005-0173

squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SquidSquid Version2.0.patch1
SquidSquid Version2.0.patch2
SquidSquid Version2.0.pre1
SquidSquid Version2.0.release
SquidSquid Version2.1.patch1
SquidSquid Version2.1.patch2
SquidSquid Version2.1.pre1
SquidSquid Version2.1.pre3
SquidSquid Version2.1.pre4
SquidSquid Version2.1.release
SquidSquid Version2.2.devel3
SquidSquid Version2.2.devel4
SquidSquid Version2.2.pre1
SquidSquid Version2.2.pre2
SquidSquid Version2.2.stable1
SquidSquid Version2.2.stable2
SquidSquid Version2.2.stable3
SquidSquid Version2.2.stable4
SquidSquid Version2.2.stable5
SquidSquid Version2.3.devel2
SquidSquid Version2.3.devel3
SquidSquid Version2.3.stable1
SquidSquid Version2.3.stable2
SquidSquid Version2.3.stable3
SquidSquid Version2.3.stable4
SquidSquid Version2.3.stable5
SquidSquid Version2.4.stable1
SquidSquid Version2.4.stable2
SquidSquid Version2.4.stable3
SquidSquid Version2.4.stable4
SquidSquid Version2.4.stable6
SquidSquid Version2.4.stable7
SquidSquid Version2.5.stable1
SquidSquid Version2.5.stable2
SquidSquid Version2.5.stable3
SquidSquid Version2.5.stable4
SquidSquid Version2.5.stable5
SquidSquid Version2.5.stable6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 31.94% 0.981
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://fedoranews.org/updates/FEDORA--.shtml
http://www.novell.com/linux/security/advisories/2005_06_squid.html
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-060.html
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-061.html
Patch
Vendor Advisory
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923
Patch
http://marc.info/?l=bugtraq&m=110780531820947&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2005:034
http://www.debian.org/security/2005/dsa-667
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/924198
Patch
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/12431
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces
Patch
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch
Patch
http://www.squid-cache.org/bugs/show_bug.cgi?id=1187
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10251