CVE-2020-11945 Information
Share on:Description
An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch http://www.openwall.com/lists/oss-security/2020/04/23/2 http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch https://bugzilla.suse.com/show_bug.cgi?id=1170313 https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811 https://github.com/squid-cache/squid/pull/585 https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html https://lists.fedoraproject.org/archives/list/[email protected]/message/4FWQRYZJPHAZBLXJ56FPCHJN5X2FP3VA/ https://lists.fedoraproject.org/archives/list/[email protected]/message/H4MWXEZAJSOGRJSS2JCJK4WBSND4IV46/ https://lists.fedoraproject.org/archives/list/[email protected]/message/RV2VZWFJNO3B56IVN56HHKJASG5DYUIX/ https://security.gentoo.org/glsa/202005-05 https://usn.ubuntu.com/4356-1/ https://www.debian.org/security/2020/dsa-4682
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8