Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0194

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2005-0194
Last Modified 05 Sep 2008 04:45:33
Published 02 May 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0194

Summary

Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings.

Vulnerable Systems

Application

  • Squid 2.0.patch1

  • Squid 2.0.patch2

  • Squid 2.0.pre1

  • Squid 2.0.release

  • Squid 2.1.patch1

  • Squid 2.1.patch2

  • Squid 2.1.pre1

  • Squid 2.1.pre3

  • Squid 2.1.pre4

  • Squid 2.1.release

  • Squid 2.2.devel3

  • Squid 2.2.devel4

  • Squid 2.2.pre1

  • Squid 2.2.pre2

  • Squid 2.2.stable1

  • Squid 2.2.stable2

  • Squid 2.2.stable3

  • Squid 2.2.stable4

  • Squid 2.2.stable5

  • Squid 2.3.devel2

  • Squid 2.3.devel3

  • Squid 2.3.stable1

  • Squid 2.3.stable2

  • Squid 2.3.stable3

  • Squid 2.3.stable4

  • Squid 2.3.stable5

  • Squid 2.4.stable1

  • Squid 2.4.stable2

  • Squid 2.4.stable3

  • Squid 2.4.stable4

  • Squid 2.4.stable6

  • Squid 2.4.stable7

  • Squid 2.5.stable1

  • Squid 2.5.stable2

  • Squid 2.5.stable3

  • Squid 2.5.stable4

  • Squid 2.5.stable5

  • Squid 2.5.stable6


References

CERT-VN - VU#260421

CONFIRM - http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch

CONFIRM - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls

DEBIAN - DSA-667

BUGTRAQ - 20050221 [USN-84-1] Squid vulnerabilities

CONECTIVA - CLA-2005:923

CONFIRM - http://www.squid-cache.org/bugs/show_bug.cgi?id=1166

FEDORA - FLSA-2006:152809


Last Updated: 27 May 2016 10:39:42