返回 CVE 浏览器

CVE-2019-18932

HIGH

7.0

CVSS Severity Score

EPSS Score0.1510%

EPSS Percentile40.45th

Published2020年1月21日

Last Modified2024年11月21日

Vulnerability Description

log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations.

Affected Platforms (CPE)

📦

Squid Analysis Report Generator Project

Squid Analysis Report Generator

<= 2.3.11

📦

Opensuse

Backports Sle

= 15.0

💻

Opensuse

Leap

= 15.1

References & Advisories

🔗 http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00051.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00063.html

🔗 http://www.openwall.com/lists/oss-security/2020/01/20/6

🔗 http://www.openwall.com/lists/oss-security/2020/01/20/6

🔗 http://www.openwall.com/lists/oss-security/2020/01/27/1

🔗 https://bugzilla.suse.com/show_bug.cgi?id=1150554

🔗 https://seclists.org/oss-sec/2020/q1/23

🔗 https://security.gentoo.org/glsa/202007-32

相关漏洞威胁

CVE-2008-116710.0

Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remo...

CVE-2008-72499.3

Buffer overflow in Squid Analysis Report Generator (Sarg) 2.2.3.1, and probably later, allows user-assisted remote attackers to ex...

CVE-2008-11684.3

Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbit...

CVE-2008-72504.3

Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.4 allows remote attackers to inject arbitra...

CVE-2019-18932 Detail & Impact Analysis | CVSS 7.0 (HIGH) | Cyber-Sec.Space | Cyber-Sec.Space