Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-12522

Опубликовано: 24 апр. 2020
Источник: redhat
CVSS3: 4.5
EPSS Низкий

Описание

An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.

A flaw was found in squid. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Отчет

This issue is not a big problem on its own, as it requires another remote code execution vulnerability or that a local user has the privileges to modify the squid processes to be exploited. Thus, it is actually closer to a security enhancement than a vulnerability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5squidOut of support scope
Red Hat Enterprise Linux 6squidOut of support scope
Red Hat Enterprise Linux 6squid34Out of support scope
Red Hat Enterprise Linux 7squidFix deferred
Red Hat Enterprise Linux 8squid:4/squidFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-266
https://bugzilla.redhat.com/show_bug.cgi?id=1827580squid: lack of UID assignment in child process spawning could lead to privileges escalation

EPSS

Процентиль: 40%
0.0018
Низкий

4.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-12522

CVSS3: 4.5
ubuntu
почти 6 лет назад

An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.

nvd логотип

CVE-2019-12522

CVSS3: 4.5
nvd
почти 6 лет назад

An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.

debian логотип

CVE-2019-12522

CVSS3: 4.5
debian
почти 6 лет назад

An issue was discovered in Squid through 4.7. When Squid is run as roo ...

github логотип

GHSA-rwjf-j42w-jfr4

github
больше 3 лет назад

An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.

EPSS

Процентиль: 40%
0.0018
Низкий

4.5 Medium

CVSS3