CVE-2020-11945

An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).
References
Link Resource
https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811 Patch Third Party Advisory
http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch Patch Vendor Advisory
http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch Vendor Advisory
https://github.com/squid-cache/squid/pull/585 Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/04/23/2 Mailing List Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1170313 Issue Tracking Third Party Advisory
https://www.debian.org/security/2020/dsa-4682 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html Mailing List Third Party Advisory
https://security.gentoo.org/glsa/202005-05 Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4FWQRYZJPHAZBLXJ56FPCHJN5X2FP3VA/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RV2VZWFJNO3B56IVN56HHKJASG5DYUIX/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4MWXEZAJSOGRJSS2JCJK4WBSND4IV46/ Mailing List Third Party Advisory
https://usn.ubuntu.com/4356-1/ Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20210304-0004/ Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

Information

Published : 2020-04-23 03:15

Updated : 2021-03-17 12:40


NVD link : CVE-2020-11945

Mitre link : CVE-2020-11945

Products Affected
No products.
CWE