CVE-2019-18932
published 2020-01-21CVE-2019-18932: log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As…
high7CVSS 3.1
AVLACHPRLUINSUCHIHAH
log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | sarg | < sarg 2.4.0-1 (bookworm) | sarg 2.4.0-1 (bookworm) |
| opensuse | backports_sle | — | — |
| opensuse | leap | — | — |
| pedro_lineu_orso | sarg | >= 0 < 2.4.0-1 | 2.4.0-1 |
| pedro_lineu_orso | sarg | >= 0 < 2.4.0-1 | 2.4.0-1 |
| pedro_lineu_orso | sarg | >= 0 < 2.4.0-1 | 2.4.0-1 |
| squid_analysis_report_generator_project | squid_analysis_report_generator | <= 2.3.11 | — |
CVSS provenance
nvdv3.17.0HIGHCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.0HIGH