The results of an independent security audit of the open source caching proxy server Squid, conducted in 2021, have been published. During the review of the project's code base, 55 vulnerabilities were identified, of which 35 have not yet been fixed by the developers (0-day). The Squid developers were notified of the problems two and a half years ago, but never completed the work of fixing them. In the end, the author of the audit decided to disclose the information without waiting for all of the problems to be fixed, and notified the Squid developers of this in advance.
Among the vulnerabilities identified:
- An overflow in the Digest Authentication implementation that occurs when processing a Proxy-Authorization HTTP header with an excessively large value in the Digest nc field.
- A use-after-free memory access in the handler for requests with the TRACE method.
- A use-after-free memory access when processing HTTP requests with a "Range" header (CVE-2021-31807).
- A stack overflow when handling the X-Forwarded-For HTTP header.
- A stack overflow when processing chunked requests.
- A use-after-free memory access in the CacheManager web interface.
- An integer overflow in the Range HTTP header handler (CVE-2021-31808).
- A use-after-free memory access and a buffer overflow in the ESI (Edge Side Includes) expression handler.
- Numerous memory leaks, out-of-bounds buffer reads, and issues that lead to crashes.
Source: opennet.ru
