CVE-2005-0173

Description

squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.

How to fix CVE-2005-0173

To remediate CVE-2005-0173, upgrade the affected package to a fixed version below.

• Debian/squid—upgrade to 2.5.7-4 or later
• Debian/squid—upgrade to 2.4.6-2woody6 or later

Is CVE-2005-0173 being exploited?

Low — EPSS is 1.7%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 2.5.7-4
• from 0, < 2.4.6-2woody6

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2005-0173