An issue exists in Squid up to and including 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
squid-cache squid |