Unrated severityNVD Advisory· Published Jan 21, 2020· Updated Aug 5, 2024
CVE-2019-18932
CVE-2019-18932
Description
log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- sarg/Squid Analysis Report Generator (sarg)description
- osv-coords2 versionspkg:rpm/opensuse/sarg&distro=openSUSE%20Leap%2015.1pkg:rpm/suse/sarg&distro=SUSE%20Package%20Hub%2015%20SP1
< 2.3.10-lp151.3.3.1+ 1 more
- (no CPE)range: < 2.3.10-lp151.3.3.1
- (no CPE)range: < 2.3.10-bp151.4.3.1
Patches
Vulnerability mechanics
References
8- lists.opensuse.org/opensuse-security-announce/2020-01/msg00051.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2020-01/msg00063.htmlmitrevendor-advisoryx_refsource_SUSE
- security.gentoo.org/glsa/202007-32mitrevendor-advisoryx_refsource_GENTOO
- www.openwall.com/lists/oss-security/2020/01/20/6mitremailing-listx_refsource_MLISTx_refsource_MISC
- www.openwall.com/lists/oss-security/2020/01/27/1mitremailing-listx_refsource_MLIST
- bugzilla.suse.com/show_bug.cgimitrex_refsource_MISC
- seclists.org/oss-sec/2020/q1/23mitremailing-listx_refsource_MLIST
- sourceforge.net/projects/sarg/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.