Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19400
HistoryMar 13, 2008 - 12:00 a.m.

[ GLSA 200803-21 ] Sarg: Remote execution of arbitrary code

2008-03-1300:00:00
vulners.com
22
JSON

Gentoo Linux Security Advisory GLSA 200803-21

                                        http://security.gentoo.org/

Severity: Normal
Title: Sarg: Remote execution of arbitrary code
Date: March 12, 2008
Bugs: #212208, #212731
ID: 200803-21

Synopsis

Sarg is vulnerable to the execution of arbitrary code when processed
with untrusted input files.

Background

Sarg (Squid Analysis Report Generator) is a tool that provides many
informations about the Squid web proxy server users activities: time,
sites, traffic, etc.

Affected packages

-------------------------------------------------------------------
 Package            /  Vulnerable  /                    Unaffected
-------------------------------------------------------------------

1 net-analyzer/sarg < 2.2.5 >= 2.2.5

Description

Sarg doesn't properly check its input for abnormal content when
processing Squid log files.

Impact

A remote attacker using a vulnerable Squid as a proxy server or a
reverse-proxy server can inject arbitrary content into the "User-Agent"
HTTP client header, that will be processed by sarg, which will lead to
the execution of arbitrary code, or JavaScript injection, allowing
Cross-Site Scripting attacks and the theft of credentials.

Workaround

There is no known workaround at this time.

Resolution

All sarg users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=net-analyzer/sarg-2.2.5&quot;

References

[ 1 ] CVE-2008-1167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1167
[ 2 ] CVE-2008-1168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1168

Availability

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200803-21.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Related

openvas 4
gentoo 1
nessus 2
securityvulns 1
prion 4
ubuntucve 4
cve 4
debiancve 4
openvas
openvas
Gentoo Security Advisory GLSA 200803-21 (sarg)
2008-09-24 00:00:00
Mandriva Update for sarg MDVSA-2008:079 (sarg)
2009-04-09 00:00:00
Mandriva Update for sarg MDVSA-2008:079 (sarg)
2009-04-09 00:00:00
gentoo
gentoo
Sarg: Remote execution of arbitrary code
2008-03-12 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : sarg (MDVSA-2008:079)
2009-04-23 00:00:00
GLSA-200803-21 : Sarg: Remote execution of arbitrary code
2008-03-13 00:00:00
securityvulns
securityvulns
Squid Analysis Report Generator buffer overflow
2008-03-13 00:00:00
prion
prion
Stack overflow
2008-03-05 23:44:00
Cross site scripting
2008-03-05 23:44:00
Buffer overflow
2009-12-30 22:30:00
ubuntucve
ubuntucve
CVE-2008-1167
2008-03-05 00:00:00
CVE-2008-1168
2008-03-05 00:00:00
CVE-2008-7249
2009-12-30 00:00:00
cve
cve
CVE-2008-1167
2008-03-05 23:44:00
CVE-2008-1168
2008-03-05 23:44:00
CVE-2008-7249
2009-12-30 22:30:00
debiancve
debiancve
CVE-2008-1167
2008-03-05 23:44:00
CVE-2008-1168
2008-03-05 23:44:00
CVE-2008-7249
2009-12-30 22:30:00
JSON
Related for SECURITYVULNS:DOC:19400
openvas4gentoo1nessus2securityvulns1prion4ubuntucve4cve4debiancve4