Advertisements

 Sarg User-Agent Processing Multiple Vulnerabilities

Monday, 3 March 2008

Description:
L4teral has discovered some vulnerabilities in Sarg, which can be exploited by malicious people to conduct script insertion attacks or to compromise a vulnerable system.

1) A boundary error exists within the "useragent()" function in useragent.c. This can be exploited to cause a stack-based buffer overflow via an overly long User-Agent header sent to a Squid proxy server.

Successful exploitation allows execution of arbitrary code.

2) Input passed via the User-Agent header to a Squid proxy server is not properly sanitised before being used to generate HTML reports. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious logs are viewed.

Successful exploitation of the vulnerabilities requires that processing support for Squid User-Agent logs is enabled.

The vulnerabilities are confirmed in version 2.2.3.1. Other versions may also be affected.

Solution:
Update to version 2.2.4, which fixes vulnerability #1.

Disable Javascript support in the web browser while viewing the Sarg User-Agent logs.

Provided and/or discovered by:
L4teral

Original Advisory:
Sarg:
http://sourceforge.net/project/shownotes.php?release_id=581212
http://secunia.com/advisories/28668/



Share this content:
        
Advertisements
Home | News | Articles | Advisories | Submit | Alerts | Links | What is XSS | About | Contact | Some Rights Reserved.