log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations.
2020-01-21T18:15:12.890
2024-11-21T04:33:51.783
Modified
CVSSv3.1: 7.0 (HIGH)
AV:L/AC:M/Au:N/C:P/I:P/A:P
3.4
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | squid_analysis_report_generator_project | squid_analysis_report_generator | ≤ 2.3.11 | Yes |
| Application | opensuse | backports_sle | 15.0 | Yes |
| Operating System | opensuse | leap | 15.1 | Yes |