← Back

Squid Analysis Report Generator

squid_analysis_report_generator

Vendor: Squid Analysis Report Generator Project • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-18932
2Opensuse
Squid Analysis Report Generator Project
3Backports Sle
LeapSquid Analysis Report Generator
Nov 21, 2024
Jan 21, 2020
N/A· v4
7.0 HIGH· v3
4.4 MEDIUM· v2
log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an exis...Show more
log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations.Show less