Security Advisory

CVE-2019-12522

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published: 2020-04-15 19:00:01
Last updated: 2024-08-04 23:24:38
Assigner: mitre
State: PUBLISHED

Description

An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.
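
The condition described above can be checked from outside the process on Linux. The following is an added example, not code from Squid or from this advisory: it reads the Uid: line of /proc/<pid>/status and flags a process that runs unprivileged while its real or saved UID is still 0. The function names, the sample status text and the use of UID 65534 for nobody are assumptions made for the illustration.

```c
/* Added example (not Squid code): detect a reversible privilege drop on Linux.
 * The Uid: line of /proc/<pid>/status lists real, effective, saved, filesystem UID. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct uids { unsigned real, eff, saved, fs; };

/* Find the Uid: line in status text; 0 on success, -1 if missing or malformed. */
int parse_status_uids(const char *status, struct uids *u)
{
    for (const char *p = status; p && *p; p = strchr(p, '\n'), p = p ? p + 1 : NULL)
        if (strncmp(p, "Uid:", 4) == 0)
            return sscanf(p + 4, "%u %u %u %u",
                          &u->real, &u->eff, &u->saved, &u->fs) == 4 ? 0 : -1;
    return -1;
}

/* 1: runs unprivileged but can switch back to UID 0; 0: cannot; -1: parse error. */
int audit_status_text(const char *status)
{
    struct uids u;
    if (parse_status_uids(status, &u) != 0)
        return -1;
    return u.eff != 0 && (u.real == 0 || u.saved == 0);
}

/* Same check against a live process. */
int audit_pid(long pid)
{
    char path[64], buf[4096];
    snprintf(path, sizeof path, "/proc/%ld/status", pid);
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return audit_status_text(buf);
}

/* Constructed samples: UID 65534 stands in for "nobody". */
static const char SAMPLE_REVERSIBLE[] = "Name:\tsquid\nUid:\t65534\t65534\t0\t65534\n";
static const char SAMPLE_PERMANENT[]  = "Name:\tsquid\nUid:\t65534\t65534\t65534\t65534\n";

int main(int argc, char **argv)
{
    printf("sample, saved UID 0:     %d\n", audit_status_text(SAMPLE_REVERSIBLE));
    printf("sample, saved UID 65534: %d\n", audit_status_text(SAMPLE_PERMANENT));
    for (int i = 1; i < argc; i++)
        printf("pid %s: %d\n", argv[i], audit_pid(strtol(argv[i], NULL, 10)));
    return 0;
}
```

A result of 1 for a child process means the drop is reversible; a permanent drop leaves the real, effective and saved UIDs all set to the unprivileged user.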