exploits , vulnerabilities , articles , Squid Proxy squid_ldap_auth Authentication Bypass Vulnerability

Title	Squid Proxy squid_ldap_auth Authentication Bypass Vulnerability
Published	2005-02-02-12:00AM
Updated	2005-03-07-04:17PM
Class	Input Validation Error
CVE	CAN-2005-0173
Remote	Yes
Local	No
Credit	The individual or individuals responsible for the discovery of this issue are currently unknown; the vendor disclosed this issue.
Vulnerable	Squid Web Proxy Cache 2.5 .STABLE7 Conectiva Linux 9.0 Conectiva Linux 10.0 Gentoo Linux RedHat Fedora Core2 RedHat Fedora Core3 Squid Web Proxy Cache 2.5 .STABLE6 MandrakeSoft Linux Mandrake 10.1 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.2 x86_64 Turbolinux Appliance Server 1.0 Hosting Edition Turbolinux Appliance Server 1.0 Workgroup Edition Turbolinux Appliance Server Hosting Edition 1.0 Turbolinux Appliance Server Workgroup Edition 1.0 Turbolinux Turbolinux Server 7.0 Turbolinux Turbolinux Server 8.0 Turbolinux Turbolinux Server 10.0 Turbolinux Turbolinux Workstation 7.0 Turbolinux Turbolinux Workstation 8.0 Squid Web Proxy Cache 2.5 .STABLE5 Conectiva Linux 9.0 Conectiva Linux 10.0 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.1 x86_64 Trustix Secure Linux 2.0 Trustix Secure Linux 2.1 Ubuntu Ubuntu Linux 4.1 ia32 Ubuntu Ubuntu Linux 4.1 ia64 Ubuntu Ubuntu Linux 4.1 ppc Squid Web Proxy Cache 2.5 .STABLE4 MandrakeSoft Corporate Server 3.0 MandrakeSoft Linux Mandrake 10.0 MandrakeSoft Linux Mandrake 10.0 amd64 OpenPKG OpenPKG Current OpenPKG OpenPKG 2.0 Squid Web Proxy Cache 2.5 .STABLE3 MandrakeSoft Linux Mandrake 9.2 MandrakeSoft Linux Mandrake 9.2 amd64 OpenPKG OpenPKG 1.3 RedHat Desktop 3.0 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux WS 3 RedHat Fedora Core1 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 9.0 x86_64 Squid Web Proxy Cache 2.5 .STABLE1 MandrakeSoft Linux Mandrake 9.1 MandrakeSoft Linux Mandrake 9.1 ppc S.u.S.E. Linux Personal 8.2 Squid Web Proxy Cache 2.4 .STABLE7 MandrakeSoft Corporate Server 2.1 MandrakeSoft Corporate Server 2.1 x86_64 MandrakeSoft Multi Network Firewall 2.0 RedHat Enterprise Linux AS 2.1 RedHat Enterprise Linux AS 2.1 IA64 RedHat Enterprise Linux ES 2.1 RedHat Enterprise Linux ES 2.1 IA64 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux WS 2.1 IA64 RedHat Linux Advanced Work Station 2.1 Squid Web Proxy Cache 2.4 .STABLE6 Debian Linux 3.0 Debian Linux 3.0 alpha Debian Linux 3.0 arm Debian Linux 3.0 hppa Debian Linux 3.0 ia32 Debian Linux 3.0 ia64 Debian Linux 3.0 m68k Debian Linux 3.0 mips Debian Linux 3.0 mipsel Debian Linux 3.0 ppc Debian Linux 3.0 s/390 Debian Linux 3.0 sparc Squid Web Proxy Cache 2.4 .STABLE2 Squid Web Proxy Cache 2.4 Debian Linux 3.0 Debian Linux 3.0 alpha Debian Linux 3.0 arm Debian Linux 3.0 hppa Debian Linux 3.0 ia32 Debian Linux 3.0 ia64 Debian Linux 3.0 m68k Debian Linux 3.0 mips Debian Linux 3.0 mipsel Debian Linux 3.0 ppc Debian Linux 3.0 s/390 Debian Linux 3.0 sparc Squid Web Proxy Cache 2.3 .STABLE5 Squid Web Proxy Cache 2.3 .STABLE4 Squid Web Proxy Cache 2.1 PATCH2 Squid Web Proxy Cache 2.0 PATCH2 SGI ProPack 3.0 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 S.u.S.E. Linux 8.1 S.u.S.E. Linux 8.0 i386 S.u.S.E. Linux 8.0 Astaro Security Linux 4.0 17 Astaro Security Linux 4.0 16 Astaro Security Linux 4.0 08 Astaro Security Linux 3.217 Astaro Security Linux 3.2 16 Astaro Security Linux 3.2 15 Astaro Security Linux 3.2 12 Astaro Security Linux 3.2 11 Astaro Security Linux 3.2 10 Astaro Security Linux 3.2 00 Astaro Security Linux 2.0 30 Astaro Security Linux 2.0 27 Astaro Security Linux 2.0 26 Astaro Security Linux 2.0 25 Astaro Security Linux 2.0 24 Astaro Security Linux 2.0 23 Astaro Security Linux 2.0 16
Not Vulnerable
Code	An exploit is not required to carry out this attack.
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-18 Adobe Flash Media Server Resource Exhaustion Remote Denial of Service Vulnerability
• 2009-12-18 Centreon Authentication Mechanism Security Bypass Vulnerability
• 2009-12-18 Family Connections Multiple Input Validation Vulnerabilities
• 2009-12-18 Drupal Contact and Menu Modules Multiple HTML Injection Vulnerabilities
• 2009-12-18 Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability
• 2009-12-18 Mozilla Firefox CVE-2009-3982 JavaScript Engine Multiple Remote Memory Corruption Vulnerabilities
• 2009-12-17 Zen Cart Insecure File and Programs Information Disclosure and Database Deletion Vulnerability
• 2009-12-17 Winamp Module Decoder Plugin Multiple Buffer Overflow Vulnerabilities
• 2009-12-17 Winamp JPEG and PNG Multiple Integer Overflow Vulnerabilities
• 2009-12-17 HP OpenView Storage Data Protector Stack Buffer Overflow Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Sat, 19 Dec 2009 00:03:05 +0000