An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
21 Nov 2024, 04:58
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html - Mailing List, Third Party Advisory | |
References | () http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch - Vendor Advisory | |
References | () http://www.openwall.com/lists/oss-security/2020/04/23/2 - Mailing List, Third Party Advisory | |
References | () http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch - Patch, Vendor Advisory | |
References | () https://bugzilla.suse.com/show_bug.cgi?id=1170313 - Issue Tracking, Third Party Advisory | |
References | () https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811 - Patch, Third Party Advisory | |
References | () https://github.com/squid-cache/squid/pull/585 - Patch, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FWQRYZJPHAZBLXJ56FPCHJN5X2FP3VA/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4MWXEZAJSOGRJSS2JCJK4WBSND4IV46/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RV2VZWFJNO3B56IVN56HHKJASG5DYUIX/ - | |
References | () https://security.gentoo.org/glsa/202005-05 - Third Party Advisory | |
References | () https://security.netapp.com/advisory/ntap-20210304-0004/ - Third Party Advisory | |
References | () https://usn.ubuntu.com/4356-1/ - Third Party Advisory | |
References | () https://www.debian.org/security/2020/dsa-4682 - Third Party Advisory |
Information
Published : 2020-04-23 15:15
Updated : 2024-11-21 04:58
NVD link : CVE-2020-11945
Mitre link : CVE-2020-11945
CVE.ORG link : CVE-2020-11945
JSON object : View
Products Affected
canonical
- ubuntu_linux
fedoraproject
- fedora
debian
- debian_linux
opensuse
- leap
squid-cache
- squid
CWE
CWE-190
Integer Overflow or Wraparound