CVE-2019-18932

Опубликовано: 21 янв. 2020

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 4.4

CVSS3: 7

Описание

log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	not-affected	2.4.0-1ubuntu1
disco	ignored	end of life
eoan	ignored	end of life
esm-apps/bionic	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	not-affected	2.4.0-1ubuntu1
esm-apps/noble	not-affected	2.4.0-1ubuntu1
esm-apps/xenial	needs-triage
esm-infra-legacy/trusty	DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 12%

0.0004

Низкий

4.4 Medium

CVSS2

7 High

CVSS3

Связанные уязвимости

CVE-2019-18932

CVSS3: 7

nvd

около 6 лет назад

CVE-2019-18932

CVSS3: 7

debian

около 6 лет назад

log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows ...

openSUSE-SU-2020:0117-1

suse-cvrf

около 6 лет назад

Security update for sarg

GHSA-jcx8-j739-fp6q

CVSS3: 7

github

больше 3 лет назад

EPSS

Процентиль: 12%

0.0004

Низкий

4.4 Medium

CVSS2

7 High

CVSS3

CVE-2019-18932

Описание

Пакет sarg

Ссылки на источники

Связанные уязвимости