Bug 1770356 (CVE-2019-12526) - CVE-2019-12526 squid: Heap overflow issue in URN processing
Summary: CVE-2019-12526 squid: Heap overflow issue in URN processing
Keywords:
Status: NEW
Alias: CVE-2019-12526
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1770357 1771263 1771264
Blocks: 1770358
 
Reported: 2019-11-08 19:50 UTC by Pedro Sampaio
Modified: 2019-12-12 00:17 UTC

Fixed In Version: squid 4.9
Doc Text:
A heap-based buffer overflow was found in the way Squid processed certain Uniform Resource Names (URNs). A remote attacker could use this flaw to cause Squid to crash or execute arbitrary code with the permissions of the user running Squid.
Clone Of:
Environment:
Last Closed:



Description Pedro Sampaio 2019-11-08 19:50:22 UTC
Due to incorrect buffer management, Squid is vulnerable to a heap overflow and possible remote code execution attack when processing URN.

References:

http://www.squid-cache.org/Advisories/SQUID-2019_7.txt

Comment 1 Pedro Sampaio 2019-11-08 19:50:36 UTC
Created squid tracking bugs for this issue:

Affects: fedora-all [bug 1770357]

Comment 2 Huzaifa S. Sidhpurwala 2019-11-12 04:53:18 UTC
External References:

http://www.squid-cache.org/Advisories/SQUID-2019_7.txt

Comment 3 Huzaifa S. Sidhpurwala 2019-11-12 04:53:21 UTC
Mitigation:

The following mitigation is suggested by upstream:

Deny urn: protocol URI being proxied to all clients:
~~~
    acl URN proto URN
    http_access deny URN
~~~
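
An added example (not part of the bug report or of Squid itself) that audits squid.conf text for the mitigation above. Squid evaluates `http_access` rules in order and stops at the first match, so the deny rule only helps if it precedes the allow rules. The function name and both sample configurations are constructed for illustration; the check does not follow `include` files and conservatively treats any earlier `allow` rule as a possible bypass.

```python
# Constructed sample configurations (not taken from the bug report).
SAMPLE_MITIGATED = """\
acl localnet src 10.0.0.0/8
acl URN proto URN
http_access deny URN
http_access allow localnet
http_access deny all
"""
SAMPLE_LATE_DENY = """\
acl localnet src 10.0.0.0/8
acl URN proto URN
http_access allow localnet
http_access deny URN
http_access deny all
"""


def audit_urn_mitigation(conf_text):
    """Return 'mitigated', 'deny-after-allow' or 'missing' for squid.conf text."""
    urn_acls = set()      # names of ACLs defined as "proto URN"
    seen_allow = False    # has an http_access allow rule already appeared?
    for raw in conf_text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue      # blank line or comment
        if tokens[0] == "acl" and len(tokens) >= 4 and tokens[2] == "proto":
            # Match the value exactly as the mitigation writes it.
            if "URN" in tokens[3:]:
                urn_acls.add(tokens[1])
        elif tokens[0] == "http_access" and len(tokens) >= 3:
            action, acls = tokens[1], tokens[2:]
            if action == "allow":
                seen_allow = True
            elif action == "deny" and all(a in urn_acls for a in acls):
                # A deny that depends only on the URN ACL(s): the mitigation.
                return "deny-after-allow" if seen_allow else "mitigated"
    return "missing"


if __name__ == "__main__":
    for name, conf in (("mitigated sample", SAMPLE_MITIGATED),
                       ("late-deny sample", SAMPLE_LATE_DENY)):
        print(name, "->", audit_urn_mitigation(conf))
```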

Comment 4 Huzaifa S. Sidhpurwala 2019-11-12 05:05:49 UTC
Analysis:

This is a heap-based buffer overflow, which can be triggered by a malicious client. The client can overwrite a substantial amount of heap, potentially causing squid to crash or even execute arbitrary code with the permissions of the user running squid (normally the squid user, which is non-privileged). Also, on Red Hat products, squid is confined with SELinux, which should reduce the possibilities of code execution.

Because of the above-mentioned difficulties in exploitation, Red Hat Product Security has classified this flaw as having Moderate impact.

Comment 5 Huzaifa S. Sidhpurwala 2019-11-12 05:05:52 UTC
Statement:

This is a heap-based buffer overflow, which can be triggered by a malicious client. The client can overwrite a substantial amount of heap, potentially causing squid to crash or even execute arbitrary code with the permissions of the user running squid (normally the squid user, which is non-privileged). Also, on Red Hat products, squid is confined with SELinux, which should reduce the possibilities of code execution.

Because of the above-mentioned difficulties in exploitation, Red Hat Product Security has classified this flaw as having Moderate impact.

