Squid WebÊðÀíÈí¼þ»º³åÇøÒç³öÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-08-23

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-12527 £¬Î£ÏÕ¼¶±ð£º¸ßΣ £¬CVSS·ÖÖµ£º8.8


Ó°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾


Squid 4.0.23°æ±¾ÖÁ4.7°æ±¾


Îó²î¸ÅÊö


SquidÊÇÒ»Ì×ÊðÀí·þÎñÆ÷ºÍWeb»º´æ·þÎñÆ÷Èí¼þ¡£¸ÃÈí¼þÌṩ»º´æÍòάÍø¡¢¹ýÂËÁ÷Á¿¡¢ÊðÀíÉÏÍøµÈ¹¦Ð§¡£


Squid±£´æ»º³åÇø¹ýʧÎó²î¡£¸ÃÎó²îÔ´ÓÚÍøÂçϵͳ»ò²úÆ·ÔÚÄÚ´æÉÏÖ´ÐвÙ×÷ʱ £¬Î´×¼È·ÑéÖ¤Êý¾Ý½çÏß £¬µ¼ÖÂÏò¹ØÁªµÄÆäËûÄÚ´æλÖÃÉÏÖ´ÐÐÁ˹ýʧµÄ¶Áд²Ù×÷¡£Ô¶³Ìδ¾­Éí·ÝÑéÖ¤µÄ¹¥»÷Õß¿ÉÒÔͨ¹ýÏòÄ¿µÄ·þÎñÆ÷·¢ËÍÈ«ÐÄÉè¼ÆµÄÇëÇóÀ´Ê¹ÓôËÎó²î £¬´Ó¶øµ¼ÖÂÔÚSquidÀú³ÌµÄÉÏÏÂÎÄÖÐÖ´ÐдúÂë¡£


Îó²îÑéÖ¤


ÔÝÎÞPOC/EXP¡£


ÐÞ¸´½¨Òé


ÏÖÔÚ³§ÉÌÒÑÐû²¼Éý¼¶²¹¶¡ÒÔÐÞ¸´Îó²î £¬²¹¶¡»ñÈ¡Á´½Ó£º

https://github.com/squid-cache/squid/commits/v4¡£


²Î¿¼Á´½Ó


https://www.thezdi.com/blog/2019/8/22/cve-2019-12527-code-execution-on-squid-proxy-through-a-heap-buffer-overflow