#VU113717 Permissions, Privileges, and Access Controls in Squid - CVE-2019-12522

 


Published: August 6, 2025


Vulnerability identifier: #VU113717
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-12522
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
Squid
Software vendor:
Squid-cache.org

Description

The vulnerability allows a local user to escalate privileges on the system.

When Squid is run as root, it spawns its child processes as a less-privileged user, by default the user nobody. The privilege drop is performed by the leave_suid call, which leaves the saved UID as 0. An attacker who has compromised a child process can therefore trivially escalate privileges back to root.
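On Linux, the condition described above can be checked from the Uid line of /proc/<pid>/status. The following is an added example, not Squid's code or the vendor's fix: the function names and the sample status text are constructed for illustration, and the check also flags a real UID of 0, which permits the same switch back.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed sample of /proc/<pid>/status for a worker whose saved UID is
 * still 0. Field order on the Uid line: real, effective, saved, filesystem. */
static const char SAMPLE_STATUS[] =
    "Name:\tsquid\nPid:\t4242\nUid:\t65534\t65534\t0\t65534\n"
    "Gid:\t65534\t65534\t65534\t65534\n";

/* Returns 1 if the process runs with a non-root effective UID but keeps a
 * saved (or real) UID of 0, so seteuid(0) would succeed; 0 if not; -1 if the
 * text has no parsable Uid line. */
int root_recoverable(const char *status_text)
{
    const char *p = status_text;
    while (p && *p) {
        unsigned ruid, euid, suid, fsuid;
        if (sscanf(p, "Uid: %u %u %u %u", &ruid, &euid, &suid, &fsuid) == 4)
            return euid != 0 && (suid == 0 || ruid == 0);
        p = strchr(p, '\n');   /* advance to the start of the next line */
        if (p) p++;
    }
    return -1;
}

/* Hypothetical hardened drop (must be called as root): sets real, effective
 * and saved IDs together, then verifies all three equal the target UID. */
int drop_privileges_permanently(uid_t uid, gid_t gid)
{
    uid_t r, e, s;
    if (setgroups(1, &gid) != 0) return -1;
    if (setresgid(gid, gid, gid) != 0) return -1;
    if (setresuid(uid, uid, uid) != 0) return -1;
    if (getresuid(&r, &e, &s) != 0) return -1;
    return (r == uid && e == uid && s == uid) ? 0 : -1;
}

int main(void)
{
    printf("sample worker can regain root: %d\n", root_recoverable(SAMPLE_STATUS));
    return 0;
}
```

To audit a live host, pass the contents of /proc/<pid>/status for each Squid worker to root_recoverable; a result of 1 means the process has not dropped root permanently.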


Remediation

Install updates from the vendor's website.
