Unrated severityNVD Advisory· Published Apr 15, 2020· Updated Aug 4, 2024
CVE-2019-12522
CVE-2019-12522
Description
An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.
Affected products
2- Squid/Squiddescription
Patches
Vulnerability mechanics
References
2- gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12522.txtmitrex_refsource_MISC
- security.netapp.com/advisory/ntap-20210205-0006/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.