Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2005-0194

Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings.

Published

2005-05-02T04:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 10.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	squid	squid	2.0.patch1	Yes
Application	squid	squid	2.0.patch2	Yes
Application	squid	squid	2.0.pre1	Yes
Application	squid	squid	2.0.release	Yes
Application	squid	squid	2.1.patch1	Yes
Application	squid	squid	2.1.patch2	Yes
Application	squid	squid	2.1.pre1	Yes
Application	squid	squid	2.1.pre3	Yes
Application	squid	squid	2.1.pre4	Yes
Application	squid	squid	2.1.release	Yes
Application	squid	squid	2.2.devel3	Yes
Application	squid	squid	2.2.devel4	Yes
Application	squid	squid	2.2.pre1	Yes
Application	squid	squid	2.2.pre2	Yes
Application	squid	squid	2.2.stable1	Yes
Application	squid	squid	2.2.stable2	Yes
Application	squid	squid	2.2.stable3	Yes
Application	squid	squid	2.2.stable4	Yes
Application	squid	squid	2.2.stable5	Yes
Application	squid	squid	2.3.devel2	Yes
Application	squid	squid	2.3.devel3	Yes
Application	squid	squid	2.3.stable1	Yes
Application	squid	squid	2.3.stable2	Yes
Application	squid	squid	2.3.stable3	Yes
Application	squid	squid	2.3.stable4	Yes
Application	squid	squid	2.3.stable5	Yes
Application	squid	squid	2.4.stable1	Yes
Application	squid	squid	2.4.stable2	Yes
Application	squid	squid	2.4.stable3	Yes
Application	squid	squid	2.4.stable4	Yes
Application	squid	squid	2.4.stable6	Yes
Application	squid	squid	2.4.stable7	Yes
Application	squid	squid	2.5.stable1	Yes
Application	squid	squid	2.5.stable2	Yes
Application	squid	squid	2.5.stable3	Yes
Application	squid	squid	2.5.stable4	Yes
Application	squid	squid	2.5.stable5	Yes
Application	squid	squid	2.5.stable6	Yes

References

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923 Patch ([email protected])
http://fedoranews.org/updates/FEDORA--.shtml ([email protected])
http://marc.info/?l=bugtraq&m=110901183320453&w=2 ([email protected])
http://www.debian.org/security/2005/dsa-667 Patch, Vendor Advisory ([email protected])
http://www.kb.cert.org/vuls/id/260421 Patch, Third Party Advisory, US Government Resource ([email protected])
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls Patch ([email protected])
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch Patch ([email protected])
http://www.squid-cache.org/bugs/show_bug.cgi?id=1166 Vendor Advisory ([email protected])
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://fedoranews.org/updates/FEDORA--.shtml (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=110901183320453&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2005/dsa-667 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/260421 Patch, Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.squid-cache.org/bugs/show_bug.cgi?id=1166 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)