CVE-2005-0194

Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.0.patch2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.0.pre1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.0.release:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.1.patch1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.1.patch2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.1.pre1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.1.pre3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.1.pre4:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.1.release:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.2.devel3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.2.devel4:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.2.pre1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.2.pre2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.2.stable1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.2.stable2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.2.stable3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.2.stable4:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.2.stable5:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.3.devel2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.3.devel3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.3.stable1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.3.stable2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.3.stable3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.3.stable4:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.3.stable5:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.4.stable1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.4.stable2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.4.stable3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.4.stable4:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.4.stable6:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.4.stable7:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*

History

20 Nov 2024, 23:54

Type Values Removed Values Added
References () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923 - Patch () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923 - Patch
References () http://fedoranews.org/updates/FEDORA--.shtml - () http://fedoranews.org/updates/FEDORA--.shtml -
References () http://marc.info/?l=bugtraq&m=110901183320453&w=2 - () http://marc.info/?l=bugtraq&m=110901183320453&w=2 -
References () http://www.debian.org/security/2005/dsa-667 - Patch, Vendor Advisory () http://www.debian.org/security/2005/dsa-667 - Patch, Vendor Advisory
References () http://www.kb.cert.org/vuls/id/260421 - Patch, Third Party Advisory, US Government Resource () http://www.kb.cert.org/vuls/id/260421 - Patch, Third Party Advisory, US Government Resource
References () http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls - Patch () http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls - Patch
References () http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch - Patch () http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch - Patch
References () http://www.squid-cache.org/bugs/show_bug.cgi?id=1166 - Vendor Advisory () http://www.squid-cache.org/bugs/show_bug.cgi?id=1166 - Vendor Advisory

Information

Published : 2005-05-02 04:00

Updated : 2024-11-20 23:54


NVD link : CVE-2005-0194

Mitre link : CVE-2005-0194

CVE.ORG link : CVE-2005-0194


JSON object : View

Products Affected

squid

  • squid