Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD7A921E9E-68B1-11D9-9E1E-C296AC722CB3
HistoryJan 10, 2005 - 12:00 a.m.

squid -- no sanity check of usernames in squid_ldap_auth

2005-01-1000:00:00
vuxml.freebsd.org
12

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.2%

JSON

The LDAP authentication helper did not strip
leading or trailing spaces from the login name.
According to the squid patches page:

LDAP is very forgiving about spaces in search
filters and this could be abused to log in
using several variants of the login name,
possibly bypassing explicit access controls
or confusing accounting.
Workaround: Block logins with spaces

    acl login_with_spaces proxy_auth_regex [:space:]
	    http_access deny login_with_spaces
OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchsquid< 2.5.7_7UNKNOWN

Related

nessus 9
cve 1
ubuntucve 1
debiancve 1
cert 1
openvas 7
debian 2
ubuntu 1
osv 1
gentoo 1
suse 1
redhat 2
nessus
nessus
FreeBSD : squid -- no sanity check of usernames in squid_ldap_auth (7a921e9e-68b1-11d9-9e1e-c296ac722cb3)
2005-07-13 00:00:00
GLSA-200502-04 : Squid: Multiple vulnerabilities
2005-02-14 00:00:00
Mandrake Linux Security Advisory : squid (MDKSA-2005:034)
2005-02-11 00:00:00
cve
cve
CVE-2005-0173
2005-05-02 04:00:00
ubuntucve
ubuntucve
CVE-2005-0173
2005-05-02 00:00:00
debiancve
debiancve
CVE-2005-0173
2005-05-02 04:00:00
cert
cert
Squid LDAP authentication routines fail to check for invalid input
2005-02-04 00:00:00
openvas
openvas
FreeBSD Ports: squid
2008-09-04 00:00:00
FreeBSD Ports: squid
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200502-04 (squid)
2008-09-24 00:00:00
debian
debian
[SECURITY] [DSA 667-1] New squid packages fix several vulnerabilities
2005-02-04 16:35:59
[SECURITY] [DSA 667-1] New squid packages fix several vulnerabilities
2005-02-04 00:00:00
ubuntu
ubuntu
Squid vulnerabilities
2005-02-08 00:00:00
osv
osv
squid - several
2005-02-04 00:00:00
gentoo
gentoo
Squid: Multiple vulnerabilities
2005-02-02 00:00:00
suse
suse
remote command execution in squid
2005-02-10 15:13:39
redhat
redhat
(RHSA-2005:060) squid security update
2005-02-15 00:00:00
(RHSA-2005:061) squid security update
2005-02-11 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.2%

JSON
Related for 7A921E9E-68B1-11D9-9E1E-C296AC722CB3
nessus9cve1ubuntucve1debiancve1cert1openvas7debian2ubuntu1osv1gentoo1suse1redhat2