SARG: User-assisted execution of arbitrary code

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference: GLSA 201009-04 / SARG sarg
Release Date: September 07, 2010
Latest Revision: September 07, 2010: 01
Impact: normal
Exploitable: remote

Package | Vulnerable versions | Unaffected versions | Architecture(s)
net-analyzer/sarg | < 2.2.5-r5 | >= 2.2.5-r5 | All supported architectures

Related bugreports: #222121

Synopsis

Multiple stack-based buffer overflow vulnerabilities were discovered in SARG, allowing for remote code execution.

2.  Impact Information

Background

SARG is the Squid Analysis Report Generator.

Description

Multiple vulnerabilities were discovered in SARG. For further information please consult the CVE entries referenced below.

Impact

These vulnerabilities might allow attackers to execute arbitrary code via unknown vectors.

NOTE: This is a legacy GLSA. Updates for all affected architectures have been available since April 18, 2009. It is likely that your system is no longer affected by this issue.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All SARG users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/sarg-2.2.5-r5"
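
To confirm whether a host still carries a vulnerable build, before or after the upgrade, the following added example (not part of the advisory or of Gentoo's tooling) compares every installed net-analyzer/sarg version against the fixed version 2.2.5-r5. It assumes the Portage installed-package database is at /var/db/pkg and handles only dotted numeric versions with an optional -rN revision; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): flag installed net-analyzer/sarg
# versions older than the fixed version 2.2.5-r5.
# Assumption: versions look like N.N.N with an optional -rN revision; anything
# else (e.g. _rc or _p suffixes) is reported as "unknown" rather than guessed.
# Simplification: missing numeric components are treated as 0.

FIXED="2.2.5-r5"
VDB="${VDB:-/var/db/pkg}"    # Portage installed-package database (assumed path)

# ver_lt A B: succeed if A sorts before B (numeric components, then revision).
ver_lt() {
    a=${1%-r*}; b=${2%-r*}
    ar=0; br=0
    case $1 in *-r*) ar=${1##*-r} ;; esac
    case $2 in *-r*) br=${2##*-r} ;; esac
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    [ "$ar" -lt "$br" ]
}

# sarg_status VERSION: print vulnerable | unaffected | unknown.
sarg_status() {
    case ${1%-r*} in ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;; esac
    case $1 in *-r|*-r*[!0-9]*) echo unknown; return 0 ;; esac
    if ver_lt "$1" "$FIXED"; then echo vulnerable; else echo unaffected; fi
}

# check_sarg: report every installed sarg version found in the VDB.
check_sarg() {
    found=0
    for d in "$VDB"/net-analyzer/sarg-[0-9]*; do
        [ -d "$d" ] || continue
        found=1
        v=${d##*/sarg-}
        echo "sarg-$v: $(sarg_status "$v")"
    done
    [ "$found" -eq 1 ] || echo "sarg: not installed"
}

check_sarg
```

Any version reported as "unknown" should be checked by hand against the table above.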

4.  References



Page updated September 07, 2010

Copyright 2001-2013 Gentoo Foundation, Inc.