CVE-2019-18932

Published: 21/01/2020 Updated: 26/04/2022
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
CVSS v3 Base Score: 7.0 | Impact Score: 5.9 | Exploitability Score: 1.0
VMScore: 392
CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default sarg writes its intermediate report files to a fixed, world-reachable temporary directory, /tmp/sarg. Running as root, it creates this directory if absent or reuses an existing one without checking who owns it or how it was created. A local attacker can therefore pre-create /tmp/sarg and plant symlinks inside it; for the /tmp/sarg/denied.int_unsort name in particular the attacker must first win a race condition. Root then writes through the planted symlink, so the outcome is corrupted or newly created files in privileged filesystem locations. The general defences against this class of bug are a per-run private directory (mkdtemp-style) instead of a fixed path under /tmp, and opening temporary files with O_EXCL and O_NOFOLLOW so a pre-existing symlink is refused rather than followed.
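The following is an added example written for this page; it is not sarg's code and not taken from the Vulmon, NVD or Debian entries. It models the pattern the summary describes: a privileged writer "creates or reuses" a file at a fixed name inside an attacker-prepared directory, and a symlink planted at that name redirects the write. The hardened writer beside it refuses the symlink. All paths are under a private mkdtemp() tree created at run time (never the real /tmp/sarg), the function names, the victim file and the MARKER contents are assumptions of this example, and the "privileged" target is an ordinary file owned by the caller so the demo runs unprivileged.

```c
/* Added example, not sarg's code: models the CVE-2019-18932 pattern.
 * A writer that opens a fixed, attacker-reachable path such as
 * /tmp/sarg/denied.int_unsort with plain O_CREAT follows any symlink planted
 * there and clobbers the target. The hardened writer refuses it.
 * Everything lives in a private mkdtemp() tree, never in the real /tmp/sarg. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define MARKER "report-data\n"   /* constructed payload the privileged writer emits */

struct scenario {
    char work[1024];    /* private mkdtemp() root for this run */
    char fixed[1040];   /* models /tmp/sarg: directory the attacker pre-created */
    char link[1064];    /* models /tmp/sarg/denied.int_unsort: the planted symlink */
    char victim[1040];  /* models a privileged file the symlink points at */
};

/* Lay out the attacker-prepared tree. Returns 0 on success, -1 on failure. */
static int build_scenario(struct scenario *s) {
    const char *base = getenv("TMPDIR") ? getenv("TMPDIR") : "/tmp";
    snprintf(s->work, sizeof s->work, "%s/cve-2019-18932-demo.XXXXXX", base);
    if (!mkdtemp(s->work)) return -1;
    snprintf(s->fixed, sizeof s->fixed, "%s/sarg", s->work);
    snprintf(s->link, sizeof s->link, "%s/denied.int_unsort", s->fixed);
    snprintf(s->victim, sizeof s->victim, "%s/victim", s->work);
    /* Constructed "privileged" file with known contents (stand-in for e.g. a file under /etc). */
    FILE *f = fopen(s->victim, "w");
    if (!f) return -1;
    fputs("original\n", f);
    fclose(f);
    /* Attacker pre-creates the fixed directory and plants the symlink. */
    if (mkdir(s->fixed, 0777) != 0) return -1;
    if (symlink(s->victim, s->link) != 0) return -1;
    return 0;
}

static void teardown(const struct scenario *s) {
    unlink(s->link); rmdir(s->fixed); unlink(s->victim); rmdir(s->work);
}

/* Returns 1 if the victim now holds MARKER (i.e. root's write was redirected into it). */
static int victim_clobbered(const struct scenario *s) {
    char buf[64] = {0};
    FILE *f = fopen(s->victim, "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    return n == strlen(MARKER) && strcmp(buf, MARKER) == 0;
}

/* Vulnerable pattern: "create or reuse" a file at a fixed path. O_CREAT without
 * O_EXCL opens straight through a symlink, so the write lands on its target. */
static int naive_write(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0) return -1;
    ssize_t w = write(fd, MARKER, strlen(MARKER));
    close(fd);
    return w == (ssize_t)strlen(MARKER) ? 0 : -1;
}

/* Hardened pattern: O_EXCL refuses any pre-existing name (symlink included),
 * O_NOFOLLOW refuses a symlink outright, and fstat() on the descriptor confirms
 * a regular, single-link file owned by us before anything is written. */
static int safe_write(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1 ||
        st.st_uid != geteuid()) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    ssize_t w = write(fd, MARKER, strlen(MARKER));
    close(fd);
    return w == (ssize_t)strlen(MARKER) ? 0 : -1;
}

/* Returns 1 when the naive writer is redirected into the victim file. */
int demo_naive_follows_symlink(void) {
    struct scenario s;
    if (build_scenario(&s) != 0) return -1;
    int wrote = naive_write(s.link);
    int hit = victim_clobbered(&s);
    teardown(&s);
    return wrote == 0 && hit == 1;
}

/* Returns 1 when the hardened writer refuses the planted symlink (EEXIST from
 * O_EXCL or ELOOP from O_NOFOLLOW) and the victim is left untouched. */
int demo_hardened_refuses(void) {
    struct scenario s;
    if (build_scenario(&s) != 0) return -1;
    int rc = safe_write(s.link);
    int err = errno;
    int hit = victim_clobbered(&s);
    teardown(&s);
    return rc == -1 && (err == EEXIST || err == ELOOP) && hit == 0;
}

int main(void) {
    printf("naive writer clobbered victim through symlink: %s\n",
           demo_naive_follows_symlink() == 1 ? "yes" : "no");
    printf("hardened writer refused the symlink:          %s\n",
           demo_hardened_refuses() == 1 ? "yes" : "no");
    return 0;
}
```

Note that the O_EXCL/O_NOFOLLOW open only closes the file-level hole; the directory-level one (an attacker owning /tmp/sarg itself) is closed by not using a fixed path at all, which is why the scenario root here is created with mkdtemp() rather than a predictable name.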

Affected Products

Squid Analysis Report Generator project: Squid Analysis Report Generator (sarg), through 2.3.11

openSUSE Leap 15.1

openSUSE Backports SLE 15.0

Vendor Advisories

Debian Bug report logs - #951390 sarg: CVE-2019-18932. Package: src:sarg; Maintainer for src:sarg is Luigi Gangitano <luigi@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 15 Feb 2020 20:45:01 UTC; Severity: important; Tags: security, upstream; Found in versions sarg/2.3.11-1, sarg/2.3.10-2 ...