CVE-2019-12522

Опубликовано: 15 апр. 2020

Источник: ubuntu

Приоритет: low

EPSS Низкий

CVSS2: 4.4

CVSS3: 4.5

Описание

An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.

Релиз	Статус	Примечание
bionic	DNE
devel	deferred
eoan	ignored	end of life
esm-infra-legacy/trusty	DNE
esm-infra/focal	deferred
focal	ignored	end of standard support, was deferred
groovy	ignored	end of life
hirsute	ignored	end of life
impish	ignored	end of life
jammy	deferred

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was deferred
devel	DNE
eoan	DNE
esm-infra-legacy/trusty	DNE
esm-infra/bionic	deferred
esm-infra/focal	DNE
esm-infra/xenial	deferred
focal	DNE
groovy	DNE
hirsute	DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 40%

0.0018

Низкий

4.4 Medium

CVSS2

4.5 Medium

CVSS3

Связанные уязвимости

CVE-2019-12522

CVSS3: 4.5

redhat

почти 6 лет назад

CVE-2019-12522

CVSS3: 4.5

nvd

почти 6 лет назад

CVE-2019-12522

CVSS3: 4.5

debian

почти 6 лет назад

An issue was discovered in Squid through 4.7. When Squid is run as roo ...

GHSA-rwjf-j42w-jfr4

github

больше 3 лет назад

EPSS

Процентиль: 40%

0.0018

Низкий

4.4 Medium

CVSS2

4.5 Medium

CVSS3

CVE-2019-12522

Описание

Пакет squid

Пакет squid3

Ссылки на источники

Связанные уязвимости