CVE-2019-12522 — Improper Privilege Management in Squid

CWE-269 — Improper Privilege Management CWE-266 — Incorrect Privilege Assignment7 documents7 sources

Severity

4.5MEDIUMNVD

EPSS

0.2%

top 60.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Squid-cache Squid

Timeline

PublishedApr 15

Latest updateMay 24

Description

An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.0 | Impact: 3.4

Affected Packages1 packages

▶NVDsquid-cache/squid4.7

🔴Vulnerability Details

GHSA

GHSA-rwjf-j42w-jfr4: An issue was discovered in Squid through 4↗2022-05-24

▶

CVEList

CVE-2019-12522: An issue was discovered in Squid through 4↗2020-04-15

▶

OSV

CVE-2019-12522: An issue was discovered in Squid through 4↗2020-04-15

▶

📋Vendor Advisories

Red Hat

squid: lack of UID assignment in child process spawning could lead to privileges escalation↗2020-04-24

▶

Debian

CVE-2019-12522: squid - An issue was discovered in Squid through 4.7. When Squid is run as root, it spaw...↗2019

▶

💬Community

Bugzilla

CVE-2019-12522 squid: lack of UID assignment in child process spawning could lead to privileges escalation↗2020-04-24

▶