FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

squid -- Vulnerable to HTTP Digest Authentication

Affected packages
squid < 4.9

Details

VuXML ID 620685d6-0aa3-11ea-9673-4c72b94353b5
Discovery 2019-11-05
Entry 2019-11-19

Squid Team reports:

Problem Description: Due to incorrect data management Squid is vulnerable to a information disclosure when processing HTTP Digest Authentication.

Severity: Nonce tokens contain the raw byte value of a pointer which sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.

[source]

References

CVE Name CVE-2019-18679
URL http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679
URL http://www.squid-cache.org/Advisories/SQUID-2019_11.txt

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.