log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations.
Advisories
Source ID Title
EUVD EUVD EUVD-2019-8605 log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T02:02:39.854Z

Reserved: 2019-11-13T00:00:00

Link: CVE-2019-18932

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-01-21T18:15:12.890

Modified: 2024-11-21T04:33:51.783

Link: CVE-2019-18932

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.