CVE-2019-18932Link Following in Analysis Report Generator Project Squid Analysis Report Generator

CWE-59Link FollowingCWE-362Race ConditionCWE-269Improper Privilege Management5 documents5 sources
Severity
7.0HIGHNVD
EPSS
0.0%
top 87.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Pedro Lineu Orso SargSquid Analysis Report Generator Project Squid Analysis Report GeneratorOpensuse Backports SLE+1 more
Timeline
PublishedJan 21
Latest updateMay 24

Description

log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages4 packages

Debianpedro_lineu_orso/sarg< 2.4.0-1+2
NVDopensuse/leap15.1

🔴Vulnerability Details

3
GHSA
GHSA-jcx8-j739-fp6q: log2022-05-24
OSV
CVE-2019-18932: log2020-01-21
CVEList
CVE-2019-18932: log2020-01-21

📋Vendor Advisories

1
Debian
CVE-2019-18932: sarg - log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local priv...2019
CVE-2019-18932 — Link Following | cvebase