Bug 212208

Summary: net-analyzer/sarg <2.2.4 Arbitrary code execution (CVE-2008-1167)
Product: Gentoo Security
Reporter: Peter Volkov (RETIRED) <pva>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: netmon
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://sarg.sourceforge.net/sarg.ChangeLog.txt
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Peter Volkov (RETIRED) gentoo-dev 2008-03-03 16:24:14 UTC
From sarg ChangeLog ( http://sarg.sourceforge.net/sarg.ChangeLog.txt ):

=========================================================================
Security issues can be exploited to execute arbitrary code when sarg
is used with malicious input files.

The vulnerability within the processing of the useragent.log is rather
critical, as this can be exploited by passing a long user agent string
when browsing via a squid proxy. The manipulated GET request in the
access log would not be accepted by squid, so that file has to be specially crafted.

Thank you to L4teral l4teral AT gmail.com
=========================================================================

Arch teams, please be aware that the previous version of sarg was full of different crash problems and it never hit portage...
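The ChangeLog quoted above singles out over-long User-Agent values in squid's useragent.log as the input that triggers the sarg flaw. Upgrading to sarg 2.2.4 is the fix; as an added defensive example (not code from this bug, from sarg, or from squid), the following script screens a useragent.log for oversized or malformed entries before it is handed to a report generator, so that a suspicious line is logged and dropped rather than processed. The line format (`client [timestamp] "agent"`) is assumed from squid's useragent_log output, the 256-byte threshold is a constructed policy value rather than a limit from sarg's source, and the sample log lines are constructed.

```python
import re

# Assumed squid useragent_log line layout (verify against your own log):
#   client_ip [dd/Mon/yyyy:HH:MM:SS +zzzz] "User-Agent value"
LINE_RE = re.compile(r'^(?P<client>\S+) \[(?P<ts>[^\]]+)\] "(?P<agent>.*)"$')

# Constructed policy threshold; not taken from sarg's buffer sizes.
DEFAULT_MAX_AGENT_LEN = 256


def find_oversized_agents(lines, max_len=DEFAULT_MAX_AGENT_LEN):
    """Return (line_number, client, length) for entries whose User-Agent
    exceeds max_len. Lines that do not parse are reported with client=None
    so they can be reviewed instead of silently passed on."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        line = line.rstrip("\n")
        m = LINE_RE.match(line)
        if m is None:
            hits.append((lineno, None, len(line)))
            continue
        agent = m.group("agent")
        if len(agent) > max_len:
            hits.append((lineno, m.group("client"), len(agent)))
    return hits


def sanitize_useragent_log(lines, max_len=DEFAULT_MAX_AGENT_LEN):
    """Yield cleaned lines safe to feed to a report generator: malformed
    lines are dropped and over-long User-Agent values are truncated."""
    for line in lines:
        line = line.rstrip("\n")
        m = LINE_RE.match(line)
        if m is None:
            continue
        agent = m.group("agent")[:max_len]
        yield f'{m.group("client")} [{m.group("ts")}] "{agent}"'


# Constructed sample log: one normal entry, one oversized agent, one garbage line.
SAMPLE_LOG = [
    '10.0.0.5 [03/Mar/2008:16:24:14 +0000] "Mozilla/5.0 (X11; Linux x86_64) Gecko/20080301 Firefox/2.0.0.12"',
    '10.0.0.7 [03/Mar/2008:16:25:01 +0000] "' + "A" * 600 + '"',
    'garbage line without the expected fields',
]

if __name__ == "__main__":
    for lineno, client, length in find_oversized_agents(SAMPLE_LOG):
        who = client if client is not None else "unparsable"
        print(f"line {lineno}: {who}: {length} bytes")
    for cleaned in sanitize_useragent_log(SAMPLE_LOG):
        print(cleaned)
```

Run it against a real useragent.log by replacing SAMPLE_LOG with `open(path)`; any reported line deserves a look before the file is passed to an unpatched sarg, and the sanitized output is what a cron job should hand to the report generator.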
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-03-03 18:14:44 UTC
Arches, please test and mark stable:
=net-analyzer/sarg-2.2.4
Target keywords : "amd64 ppc release x86"
Comment 2 Markus Meier gentoo-dev 2008-03-03 20:25:57 UTC
x86 stable
Comment 3 Tobias Scherbaum (RETIRED) gentoo-dev 2008-03-04 18:45:06 UTC
ppc stable
Comment 4 Steve Dibb (RETIRED) gentoo-dev 2008-03-06 13:50:48 UTC
amd64 stable
Comment 5 Peter Volkov (RETIRED) gentoo-dev 2008-03-06 17:54:31 UTC
Fixed in release snapshot.
Comment 6 Robert Buchholz (RETIRED) gentoo-dev 2008-03-08 16:51:51 UTC
Request filed.
Comment 7 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2008-03-12 19:50:20 UTC
GLSA 200803-21, thanks to everybody