[squid-dev] CVE-2019-12522
Eliezer Croitoru
ngtech1ltd at gmail.com
Fri Mar 4 13:51:44 UTC 2022
Thanks!!
----
Eliezer Croitoru
NgTech, Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd at gmail.com
-----Original Message-----
From: squid-dev <squid-dev-bounces at lists.squid-cache.org> On Behalf Of Amos Jeffries
Sent: Friday, March 4, 2022 06:43
To: squid-dev at lists.squid-cache.org
Subject: Re: [squid-dev] CVE-2019-12522
On 4/03/22 00:39, Eliezer Croitoru wrote:
> I'm still trying to understand why it's described as "exploitable" ???
> It's like saying: The Linux Kernel should not be a kernel and init(or
> equivalent) should not run with uid 0 or 1.
> Why nobody complains about cockpit being a root process??
>
This explains the _type_ of problem
<https://secureteam.co.uk/articles/how-return-oriented-programming-exploits-work/>.
Most Squid are automatically protected against it by at least one of OS
or compiler systems. But some can still be vulnerable, as shown by Jerkio.
Amos
_______________________________________________
squid-dev mailing list
squid-dev at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev