Squid Web´úÀíÈí¼þ»º³åÇøÒç¶Âí½Å°²È«¹«¸æ

°ä²¼¹¦·ò 2019-08-23

·ì϶±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-12527£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬CVSS·ÖÖµ£º8.8


Ó°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾


Squid 4.0.23°æ±¾ÖÁ4.7°æ±¾


·ì϶¸ÅÊö


SquidÊÇÒ»Ì×´úÀí·þÎñÆ÷ºÍWeb»º´æ·þÎñÆ÷Èí¼þ¡£¸ÃÈí¼þÌṩ»º´æÍòάÍø¡¢¹ýÂËÁ÷Á¿¡¢´úÀíÉÏÍøµÈÖ°ÄÜ¡£


Squid´æÔÚ»º³åÇøÃýÎó·ì϶¡£¸Ã·ì϶ԴÓÚÍøÂçϵͳ»ò²úÆ·ÔÚÄÚ´æÉÏÖ´ÐвÙ×÷ʱ£¬Î´ÕýÈ·ÑéÖ¤Êý¾ÝÌìǵ£¬µ¼ÖÂÏò¹ØÁªµÄÆäËûÄÚ´æµØλÉÏÖ´ÐÐÁËÃýÎóµÄ¶Áд²Ù×÷¡£Ô¶³Ìδ¾­Éí·ÝÑéÖ¤µÄ¹¥»÷ÕßÄܹ»Í¨¹ýÏòÖ¸±ê·þÎñÆ÷·¢Ë;«ÐÄÉè¼ÆµÄÒªÇóÀ´ÀûÓô˷ì϶£¬´Ó¶øµ¼ÖÂÔÚSquid¹ý³ÌµÄ¸ßµÍÎÄÖÐÖ´ÐдúÂë¡£


·ì϶ÑéÖ¤


ÔÝÎÞPOC/EXP¡£


½¨¸´½¨Òé


Ä¿Ç°³§ÉÌÒÑ°ä²¼Éý¼¶²¹¶¡ÒÔ½¨¸´·ì϶£¬²¹¶¡»ñÈ¡Á´½Ó£º

https://github.com/squid-cache/squid/commits/v4¡£


²Î¿¼Á´½Ó


https://www.thezdi.com/blog/2019/8/22/cve-2019-12527-code-execution-on-squid-proxy-through-a-heap-buffer-overflow