exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2019-12525

Status Candidate

Overview

An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1.

Related Files

Red Hat Security Advisory 2020-2040-01
Posted May 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2040-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include buffer overflow and code execution vulnerabilities.

tags | advisory, web, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2019-12519, CVE-2019-12525, CVE-2020-11945
SHA-256 | f5d0d691bcd4e3bccb003c0144cfd40493f2cf3e92af0df28263bb2aff8a7309
Red Hat Security Advisory 2020-2041-01
Posted May 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2041-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include buffer overflow and code execution vulnerabilities.

tags | advisory, web, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2019-12519, CVE-2019-12525, CVE-2020-11945
SHA-256 | 5c589ca7b830ef3a7aecec9c71350ca36d1edcdb36e7f0e9b935ab81d6d68486
Debian Security Advisory 4507-1
Posted Aug 26, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4507-1 - Several vulnerabilities were discovered in Squid, a fully featured web proxy cache. The flaws in the HTTP Digest Authentication processing, the HTTP Basic Authentication processing and in the cachemgr.cgi allowed remote attackers to perform denial of service and cross-site scripting attacks, and potentially the execution of arbitrary code.

tags | advisory, remote, web, denial of service, arbitrary, cgi, vulnerability, xss
systems | linux, debian
advisories | CVE-2019-12525, CVE-2019-12527, CVE-2019-12529, CVE-2019-12854, CVE-2019-13345
SHA-256 | 102dff8cdfc700c7a5976e0e1116143994d1ce59068df780c80abd9cf39dc312
Ubuntu Security Notice USN-4065-2
Posted Jul 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4065-2 - USN-4065-1 fixed several vulnerabilities in Squid. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-12525, CVE-2019-12529
SHA-256 | a258175e3f5fe73285d27128ff90ab71441972e45b00f9c20356aa09c164cb08
Ubuntu Security Notice USN-4065-1
Posted Jul 18, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4065-1 - It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. It was discovered that Squid incorrectly handled Basic authentication. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-12525, CVE-2019-12527, CVE-2019-12529
SHA-256 | a8539b3cc79beff6e700e8c2b6380ce9def258a5a3fd8be174cc49a7546e02ba
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close