Unrated severityNVD Advisory· Published May 2, 2005· Updated Apr 16, 2026
CVE-2005-0173
CVE-2005-0173
Description
squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.
Affected products
38cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*+ 37 more
- cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.0.patch2:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.0.pre1:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.0.release:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.1.patch1:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.1.patch2:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.1.pre1:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.1.pre3:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.1.pre4:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.1.release:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.2.devel3:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.2.devel4:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.2.pre1:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.2.pre2:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.2.stable1:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.2.stable2:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.2.stable3:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.2.stable4:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.2.stable5:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.3.devel2:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.3.devel3:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.3.stable1:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.3.stable2:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.3.stable3:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.3.stable4:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.3.stable5:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.4.stable1:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.4.stable2:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.4.stable3:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.4.stable4:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.4.stable6:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.4.stable7:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
14- distro.conectiva.com.br/atualizacoes/nvdPatch
- www.debian.org/security/2005/dsa-667nvdPatchVendor Advisory
- www.kb.cert.org/vuls/id/924198nvdPatchThird Party AdvisoryUS Government Resource
- www.novell.com/linux/security/advisories/2005_06_squid.htmlnvdPatchVendor Advisory
- www.redhat.com/support/errata/RHSA-2005-060.htmlnvdPatchVendor Advisory
- www.redhat.com/support/errata/RHSA-2005-061.htmlnvdPatchVendor Advisory
- www.squid-cache.org/Versions/v2/2.5/bugs/nvdPatch
- www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patchnvdPatch
- fedoranews.org/updates/FEDORA--.shtmlnvd
- marc.infonvd
- www.mandriva.com/security/advisoriesnvd
- www.securityfocus.com/bid/12431nvd
- www.squid-cache.org/bugs/show_bug.cginvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10251nvd
News mentions
0No linked articles in our index yet.