Bug 146787 - CAN-2005-0194 Empty proxy_auth ACLs are silently accepted but lead to unpredictable ACL matching
Summary: CAN-2005-0194 Empty proxy_auth ACLs are silently accepted but lead to unpredi...
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: squid
Version: 3.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Jay Fenlason
QA Contact:
Whiteboard: impact=moderate,public=20050115
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2005-02-01 16:58 UTC by Josh Bressers
Modified: 2014-08-31 23:27 UTC (History)
2 users (show)

Clone Of:
Last Closed: 2005-03-14 16:13:42 UTC

Attachments (Terms of Use)

Description Josh Bressers 2005-02-01 16:58:08 UTC
If a proxy_auth acl is incorrectly defined with no members then any http_access
rules using this acl will give unpredictable results depending on the results of
earlier acl lookups. This patch corrects both the reason to why acl lookups
became unpredictable and makes Squid reject such incorrect acl definitions.

The upstream patch for this issue is here:

Comment 1 Josh Bressers 2005-02-01 16:59:48 UTC
This issue should also affect RHEL2.1

Comment 2 Jay Fenlason 2005-02-01 19:58:16 UTC
RHEL-2.1 is safe--squid-2.4.STABLE7 errors on startup if the config file 
contains empty proxy_auth acls. 

Comment 3 David Eisenstein 2005-10-15 15:47:41 UTC
In which of the RHSA's was this issue fixed?

Comment 4 David Eisenstein 2005-10-15 15:50:52 UTC
D'oh.  I think I found it -- RHSA-2005:061.  Sorry to bother you.

Note You need to log in before you can comment on or make changes to this bug.