Squid · Squid · CVE-2020-11945
Name of the Vulnerable Software and Affected Versions:
Squid versions prior to 5.0.2
Description:
The issue is related to an integer overflow in the nonce storage mechanism of Squid's digest authentication proxy server. This can allow a remote attacker to gain access to confidential data, compromise its integrity, and cause a denial of service. The attacker can replay a sniffed Digest Authentication nonce to access forbidden resources. Remote code execution may occur if the pooled token credentials are freed instead of being replayed as valid credentials.
Recommendations:
For Squid versions prior to 5.0.2, update to version 5.0.2 or later to resolve the issue.
As a temporary workaround, consider restricting access to the digest authentication mechanism until a patch is available.
Avoid using the `nonce` value in the affected authentication process until the issue is resolved.