#VU22589 Information disclosure in Squid


Published: 2019-11-07 | Updated: 2019-12-05

Vulnerability identifier: #VU22589

Vulnerability risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-18679

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Squid
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Squid-cache.org

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to incorrect data management when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer which sits within heap memory allocation. This allows a remote attacker to gain knowledge of memory allocations and bypass ASLR protection and help in exploitation of other vulnerabilities.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Squid: 4.0.1 - 4.8, 3.0 - 3.5.28

External links
http://www.squid-cache.org/Advisories/SQUID-2019_11.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Red Hat Enterprise Linux 8 update for the squid:4 module
Debian update for squid
Gentoo update for Squid
Ubuntu update for Squid
OpenSUSE Linux update for squid
OpenSUSE Linux update for squid
Information disclosure in squid (Alpine package)
Arch Linux update for squid
Multiple vulnerabilities in Squid proxy server