CVE-2019-12522

Published: Apr 15, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12522.txt

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20210205-0006/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-12522

Description

Affected Products

References