FreeBSD Ports: Squid Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Solution

Update your system with the appropriate patches or software upgrades. http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces http://www.squid-cache.org/bugs/show_bug.cgi?id=1187 http://www.vuxml.org/freebsd/7a921e9e-68b1-11d9-9e1e-c296ac722cb3.html

Insight

The following package is affected: squid CVE-2005-0173 squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.

Severity

Classification

CVE CVE-2005-0173
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

FreeBSD Ports: chromium
FreeBSD Ports: bind99
FreeBSD Ports: awstats
FreeBSD Ports: ca_root_nss
FreeBSD Ports: chromium

FreeBSD Ports: squid

Take action and discover your vulnerabilities