oss-sec mailing list archives

Re: CVE-2019-18932: sarg: insecure usage of /tmp/sarg allows privilege escalation / DoS attack vector


From: Matthias Gerstner <mgerstner () suse de>
Date: Mon, 27 Jan 2020 10:43:58 +0100

I've informed the upstream maintainer about this issue on 2019-11-13 and
discussed various aspects of a suitable security fix with him. No
agreement on a suitable publication date for this finding or a final
patch could be achieved and I did not hear back for around a month by
now.

I've been informed by a third party that an upstream release sarg-2.4.0
[1] containing a fix [2] is now available.

[1]: https://sourceforge.net/projects/sarg/files/sarg/sarg-2.4.0/
[2]: https://sourceforge.net/p/sarg/code/ci/8ec6d20be8c0da3c885aba78e63251f2e5080748
