PT-2015-4379 · Squid+2 · Squid+3
Huzaifa Sidhpurwala · Published 2014-04-24 · Updated 2018-10-30
CVE-2014-9749
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Squid versions 3.4.4 through 3.4.11
Squid versions 3.5.0.1 through 3.5.1
Description
The issue allows remote authenticated users to retain access by leveraging a stale nonce when Digest authentication is used.
Recommendations
For Squid versions 3.4.4 through 3.4.11, update to a version outside of this range to resolve the issue.
For Squid versions 3.5.0.1 through 3.5.1, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider disabling Digest authentication until a patch is available.
Affected Products
Alt Linux
Squid
Squid Cache
Suse