CVE-2005-0173
UnknownEPSS 31.94%
Last modified
CVE-2005-0173 is a vulnerability of currently unknown severity. squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.. EPSS estimates a 31.94% chance of exploitation in the next 30 days.
Description
squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Squid | Squid | 2.0.patch1 |
| Squid | Squid | 2.0.patch2 |
| Squid | Squid | 2.0.pre1 |
| Squid | Squid | 2.0.release |
| Squid | Squid | 2.1.patch1 |
| Squid | Squid | 2.1.patch2 |
| Squid | Squid | 2.1.pre1 |
| Squid | Squid | 2.1.pre3 |
| Squid | Squid | 2.1.pre4 |
| Squid | Squid | 2.1.release |
| Squid | Squid | 2.2.devel3 |
| Squid | Squid | 2.2.devel4 |
| Squid | Squid | 2.2.pre1 |
| Squid | Squid | 2.2.pre2 |
| Squid | Squid | 2.2.stable1 |
| Squid | Squid | 2.2.stable2 |
| Squid | Squid | 2.2.stable3 |
| Squid | Squid | 2.2.stable4 |
| Squid | Squid | 2.2.stable5 |
| Squid | Squid | 2.3.devel2 |
| Squid | Squid | 2.3.devel3 |
| Squid | Squid | 2.3.stable1 |
| Squid | Squid | 2.3.stable2 |
| Squid | Squid | 2.3.stable3 |
| Squid | Squid | 2.3.stable4 |
| Squid | Squid | 2.3.stable5 |
| Squid | Squid | 2.4.stable1 |
| Squid | Squid | 2.4.stable2 |
| Squid | Squid | 2.4.stable3 |
| Squid | Squid | 2.4.stable4 |
| Squid | Squid | 2.4.stable6 |
| Squid | Squid | 2.4.stable7 |
| Squid | Squid | 2.5.stable1 |
| Squid | Squid | 2.5.stable2 |
| Squid | Squid | 2.5.stable3 |
| Squid | Squid | 2.5.stable4 |
| Squid | Squid | 2.5.stable5 |
| Squid | Squid | 2.5.stable6 |
References
- http://www.debian.org/security/2005/dsa-667Patch, Vendor Advisory
- http://www.kb.cert.org/vuls/id/924198Patch, Third Party Advisory, US Government Resource
- http://www.novell.com/linux/security/advisories/2005_06_squid.htmlPatch, Vendor Advisory
- http://www.redhat.com/support/errata/RHSA-2005-060.htmlPatch, Vendor Advisory
- http://www.redhat.com/support/errata/RHSA-2005-061.htmlPatch, Vendor Advisory
- http://www.debian.org/security/2005/dsa-667Patch, Vendor Advisory
- http://www.kb.cert.org/vuls/id/924198Patch, Third Party Advisory, US Government Resource
- http://www.novell.com/linux/security/advisories/2005_06_squid.htmlPatch, Vendor Advisory
- http://www.redhat.com/support/errata/RHSA-2005-060.htmlPatch, Vendor Advisory
- http://www.redhat.com/support/errata/RHSA-2005-061.htmlPatch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2005-0173?
squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.
How severe is CVE-2005-0173?
Severity scoring for CVE-2005-0173 is pending analysis. The EPSS model estimates a 31.94% probability of exploitation in the next 30 days.
How do I fix CVE-2005-0173?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2005-0173?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST