Info

Disclosure

Jan 17, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Squid contains a flaw that may allow a malicious user to bypass access controls. The issue is triggered when a user adds spaces as padding around the username, when Squid authenticates against LDAP. It is possible that the flaw may allow circumvention of access controls resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Authentication Management, Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Team Squid has released a patch to address this vulnerability.

Products

Team Squid	Squid	2.5STABLE1
		2.5STABLE2
		2.5STABLE3
		2.5STABLE4
		2.5STABLE5
		2.5STABLE6
		2.5STABLE7

References

Secunia Advisory ID: 13843 14185 14228 14251 14484
CVE ID: 2005-0173 (see also: NVD)
Other Advisory URL: http://www.astaro.org/showflat.php?Cat=&Number=56136&page=0&view=collapsed&sb=5&o ......
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:034
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces
http://www.ubuntulinux.org/support/documentation/usn/usn-77-1
Vendor Specific Advisory URL: http://www.debian.org/security/2005/dsa-667
http://www.gentoo.org/security/en/glsa/glsa-200502-04.xml
RedHat RHSA: RHSA-2005:061

Credit

Andrew P - apmailistfree.fr -

Direct URL: http://osvdb.org/36218