CVE Vulnerabilities

CVE-2019-12522

Improper Privilege Management

Published: Apr 15, 2020 | Modified: Mar 10, 2021
CVSS 3.x
4.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
CVSS 2.x
4.4 MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
4.5 LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Ubuntu
LOW

An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name Vendor Start Version End Version
Squid Squid-cache * 4.7 (including)
Squid Ubuntu eoan *
Squid Ubuntu groovy *
Squid Ubuntu hirsute *
Squid Ubuntu impish *
Squid Ubuntu kinetic *
Squid Ubuntu lunar *
Squid Ubuntu mantic *
Squid Ubuntu trusty *
Squid Ubuntu upstream *
Squid3 Ubuntu bionic *
Squid3 Ubuntu precise/esm *
Squid3 Ubuntu trusty *
Squid3 Ubuntu upstream *
Squid3 Ubuntu xenial *

Potential Mitigations

References