SecuritySpace - CVE-2019-12522

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2019-12522

Description: An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.

Test IDs: 1.3.6.1.4.1.25623.1.0.113674

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2019-12522
https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12522.txt

CVE ID:	CVE-2019-12522
Description:	An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.
Test IDs:	1.3.6.1.4.1.25623.1.0.113674
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2019-12522 https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12522.txt