Pedro Lineu Orso Sarg vulnerabilities
6 known vulnerabilities affecting pedro_lineu_orso/sarg.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2019-18932 | HIGH | CVSS 7.0 | ≥ 0, < 2.4.0-1 | 2020-01-21
log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file syste
osv
CVE-2008-7249 | CRITICAL | CVSS 9.3 | v2.2.4 | 2009-12-30
Buffer overflow in Squid Analysis Report Generator (Sarg) 2.2.3.1, and probably later, allows user-assisted remote attackers to execute arbitrary code via a long HTTP request method in a crafted access.log file, a different vulnerability than CVE-2008-1167.
nvd, osv
CVE-2008-7250 | MEDIUM | CVSS 4.3 | v2.2.4 | 2009-12-30
Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.4 allows remote attackers to inject arbitrary web script or HTML via a JavaScript onload event in the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: this issue exists because of an incomplete fix for CVE-2008-1168.
nvd, osv
CVE-2008-1922 | CRITICAL | CVSS 10.0 | ≥ 0, < 2.2.4-1 | 2008-05-13
Multiple stack-based buffer overflows in Sarg might allow attackers to execute arbitrary code via unknown vectors, probably a crafted Squid log file.
osv
CVE-2008-1167 | CRITICAL | CVSS 10.0 | ≥ 0, < 2.2.4-1 | 2008-03-05
Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header. NOTE: some of these details are obtained from third party information.
osv
CVE-2008-1168 | MEDIUM | CVSS 4.3 | ≥ 0, < 2.2.5-1 | 2008-03-05
Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
osv