First published: Sun Feb 06 2005(Updated: )
squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Squid Squid | =2.3.stable3 | |
Squid Squid | =2.2.stable2 | |
Squid Squid | =2.2.stable3 | |
Squid Squid | =2.0.patch2 | |
Squid Squid | =2.1.patch2 | |
Squid Squid | =2.5.stable5 | |
Squid Squid | =2.2.stable4 | |
Squid Squid | =2.0.patch1 | |
Squid Squid | =2.1.patch1 | |
Squid Squid | =2.3.devel3 | |
Squid Squid | =2.5.stable3 | |
Squid Squid | =2.4.stable4 | |
Squid Squid | =2.1.release | |
Squid Squid | =2.5.stable1 | |
Squid Squid | =2.0.release | |
Squid Squid | =2.1.pre4 | |
Squid Squid | =2.1.pre3 | |
Squid Squid | =2.3.stable1 | |
Squid Squid | =2.4.stable7 | |
Squid Squid | =2.2.devel4 | |
Squid Squid | =2.5.stable6 | |
Squid Squid | =2.3.stable2 | |
Squid Squid | =2.4.stable1 | |
Squid Squid | =2.2.stable1 | |
Squid Squid | =2.5.stable4 | |
Squid Squid | =2.5.stable2 | |
Squid Squid | =2.3.stable4 | |
Squid Squid | =2.1.pre1 | |
Squid Squid | =2.4.stable2 | |
Squid Squid | =2.2.pre1 | |
Squid Squid | =2.2.devel3 | |
Squid Squid | =2.4.stable3 | |
Squid Squid | =2.3.stable5 | |
Squid Squid | =2.2.stable5 | |
Squid Squid | =2.2.pre2 | |
Squid Squid | =2.0.pre1 | |
Squid Squid | =2.4.stable6 | |
Squid Squid | =2.3.devel2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.