CVE-2005-0194

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2005-0194
Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings.

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch Patch
http://www.squid-cache.org/bugs/show_bug.cgi?id=1166 Vendor Advisory
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls Patch
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923 Patch
http://www.debian.org/security/2005/dsa-667 Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/260421 Patch Third Party Advisory US Government Resource
http://fedoranews.org/updates/FEDORA--.shtml
http://marc.info/?l=bugtraq&m=110901183320453&w=2
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:squid:squid:2.0.release:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.1.patch1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.2.pre1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.2.pre2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.3.devel3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.3.stable1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.4.stable3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.4.stable4:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.0.patch2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.0.pre1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.3.stable3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.2.stable2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.2.stable3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.1.patch2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.2.stable4:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.1.release:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.1.pre4:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.1.pre3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.4.stable7:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.2.devel4:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.3.stable2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.4.stable1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.2.stable1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.1.pre1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.4.stable2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.2.devel3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.2.stable5:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.4.stable6:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.3.devel2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.3.stable4:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.3.stable5:*:*:*:*:*:*:*
Information

Published : 2005-05-01 21:00

Updated : 2016-10-17 20:08

NVD link : CVE-2005-0194

Mitre link : CVE-2005-0194

JSON object : View

CWE
NVD-CWE-Other
Advertisement

dedicated server usa
Products Affected

squid

  • squid