squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.
Software | From | Fixed in |
---|---|---|
squid / squid | 2.0.patch1 | 2.0.patch1.x |
squid / squid | 2.0.patch2 | 2.0.patch2.x |
squid / squid | 2.0.pre1 | 2.0.pre1.x |
squid / squid | 2.0.release | 2.0.release.x |
squid / squid | 2.1.patch1 | 2.1.patch1.x |
squid / squid | 2.1.patch2 | 2.1.patch2.x |
squid / squid | 2.1.pre1 | 2.1.pre1.x |
squid / squid | 2.1.pre3 | 2.1.pre3.x |
squid / squid | 2.1.pre4 | 2.1.pre4.x |
squid / squid | 2.1.release | 2.1.release.x |
squid / squid | 2.2.devel3 | 2.2.devel3.x |
squid / squid | 2.2.devel4 | 2.2.devel4.x |
squid / squid | 2.2.pre1 | 2.2.pre1.x |
squid / squid | 2.2.pre2 | 2.2.pre2.x |
squid / squid | 2.2.stable1 | 2.2.stable1.x |
squid / squid | 2.2.stable2 | 2.2.stable2.x |
squid / squid | 2.2.stable3 | 2.2.stable3.x |
squid / squid | 2.2.stable4 | 2.2.stable4.x |
squid / squid | 2.2.stable5 | 2.2.stable5.x |
squid / squid | 2.3.devel2 | 2.3.devel2.x |
squid / squid | 2.3.devel3 | 2.3.devel3.x |
squid / squid | 2.3.stable1 | 2.3.stable1.x |
squid / squid | 2.3.stable2 | 2.3.stable2.x |
squid / squid | 2.3.stable3 | 2.3.stable3.x |
squid / squid | 2.3.stable4 | 2.3.stable4.x |
squid / squid | 2.3.stable5 | 2.3.stable5.x |
squid / squid | 2.4.stable1 | 2.4.stable1.x |
squid / squid | 2.4.stable2 | 2.4.stable2.x |
squid / squid | 2.4.stable3 | 2.4.stable3.x |
squid / squid | 2.4.stable4 | 2.4.stable4.x |
squid / squid | 2.4.stable6 | 2.4.stable6.x |
squid / squid | 2.4.stable7 | 2.4.stable7.x |
squid / squid | 2.5.stable1 | 2.5.stable1.x |
squid / squid | 2.5.stable2 | 2.5.stable2.x |
squid / squid | 2.5.stable3 | 2.5.stable3.x |
squid / squid | 2.5.stable4 | 2.5.stable4.x |
squid / squid | 2.5.stable5 | 2.5.stable5.x |
squid / squid | 2.5.stable6 | 2.5.stable6.x |