Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2005-0173 at MITRE


squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.
CVSS v2 Scores
  National Vulnerability Database
Base Score 7.48
Vector AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial

SUSE information

SUSE Bugzilla entry: 65023 [RESOLVED]

SUSE Security Advisories: