Thanks!! ---- Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com
-----Original Message----- From: squid-dev <squid-dev-boun...@lists.squid-cache.org> On Behalf Of Amos Jeffries Sent: Friday, March 4, 2022 06:43 To: squid-dev@lists.squid-cache.org Subject: Re: [squid-dev] CVE-2019-12522 On 4/03/22 00:39, Eliezer Croitoru wrote: > I'm still trying to understand why it's described as "exploitable" ??? > It's like saying: The Linux Kernel should not be a kernel and init(or > equivalent) should not run with uid 0 or 1. > Why nobody complains about cockpit being a root process?? > This explains the _type_ of problem <https://secureteam.co.uk/articles/how-return-oriented-programming-exploits- work/>. Most Squid are automatically protected against it by at least one of OS or compiler systems. But some can still be vulnerable, as shown by Jerkio. Amos _______________________________________________ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev _______________________________________________ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev