PT-2020-5764 · Squid+8 · Squid+9

Clément Berthaux

+1

·

Published

2020-04-23

·

Updated

2024-06-15

·

CVE-2020-11945

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Squid versions prior to 5.0.2
Description: The issue is related to an integer overflow in the nonce storage mechanism of Squid's digest authentication proxy server. This can allow a remote attacker to gain access to confidential data, compromise its integrity, and cause a denial of service. The attacker can replay a sniffed Digest Authentication nonce to access forbidden resources. Remote code execution may occur if the pooled token credentials are freed instead of being replayed as valid credentials.
Recommendations: For Squid versions prior to 5.0.2, update to version 5.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the digest authentication mechanism until a patch is available. Avoid using the nonce value in the affected authentication process until the issue is resolved.

Fix

RCE

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALSA-2020:2041
ALT-PU-2020-1909
ALT-PU-2020-3140
ALT-PU-2020-3142
BDU:2021-01723
CESA-2020_2040
CESA-2020_2041
CVE-2020-11945
DLA-2278-1
DSA-4682-1
MGASA-2020-0187
OESA-2021-1092
OPENSUSE-SU-2020:0623-1
OPENSUSE-SU-2020_0623-1
OPENSUSE-SU-2024:11403-1
RHSA-2020:2038
RHSA-2020:2039
RHSA-2020:2040
RHSA-2020:2041
RHSA-2020_2040
RHSA-2020_2041
RLSA-2020:2041
SUSE-SU-2020:1134-1
SUSE-SU-2020:1156-1
SUSE-SU-2020:1227-1
SUSE-SU-2020:14460-1
USN-4356-1

Affected Products

Alt Linux
Almalinux
Centos
Linuxmint
Red Hat
Rocky Linux
Squid
Squid Cache
Suse
Ubuntu