Sarg User-Agent Processing Multiple Vulnerabilities

Monday, 3 March 2008

L4teral has discovered some vulnerabilities in Sarg, which can be exploited by malicious people to conduct script insertion attacks or to compromise a vulnerable system.

1) A boundary error exists within the "useragent()" function in useragent.c. This can be exploited to cause a stack-based buffer overflow via an overly long User-Agent header sent to a Squid proxy server.

Successful exploitation allows execution of arbitrary code.

2) Input passed via the User-Agent header to a Squid proxy server is not properly sanitised before being used to generate HTML reports. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in the context of an affected site when the malicious logs are viewed.

Successful exploitation of the vulnerabilities requires that processing support for Squid User-Agent logs is enabled.
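Both issues come from how the logged User-Agent string is handled: it is copied into a fixed-size buffer and later written into HTML. The following is an added example, not Sarg's code, showing a length-clamped copy and output escaping; the log line layout, `AGENT_MAX`, and the function names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
#define AGENT_MAX 128 /* assumed field size for this example, not Sarg's */

/* Copy the quoted User-Agent field into out; 0 = whole, 1 = truncated, -1 = absent. */
int extract_agent(const char *line, char *out, size_t outsz)
{
    const char *start = strchr(line, '"');
    const char *end = start ? strrchr(start + 1, '"') : NULL;
    if (!start || !end || outsz == 0) return -1;
    size_t len = (size_t)(end - (start + 1));
    int truncated = len >= outsz;
    if (truncated) len = outsz - 1;   /* clamp to destination, keep room for NUL */
    memcpy(out, start + 1, len);
    out[len] = '\0';
    return truncated;
}

/* HTML-escape src into dst (dstsz bytes); stops before anything that would not fit. */
size_t html_escape(const char *src, char *dst, size_t dstsz)
{
    size_t n = 0;
    if (dstsz == 0) return 0;
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = one;
        if (*src == '<') rep = "&lt;";
        else if (*src == '>') rep = "&gt;";
        else if (*src == '&') rep = "&amp;";
        else if (*src == '"') rep = "&quot;";
        else if (*src == '\'') rep = "&#39;";
        size_t rl = strlen(rep);
        if (n + rl >= dstsz) break;   /* never write past the output buffer */
        memcpy(dst + n, rep, rl);
        n += rl;
    }
    dst[n] = '\0';
    return n;                         /* bytes written, excluding the terminator */
}

int main(void)
{
    /* Constructed sample line in the assumed useragent.log layout. */
    const char *line = "10.0.0.5 [03/Mar/2008:10:00:00 +0100] \"<script>x</script>\"";
    char agent[AGENT_MAX], cell[AGENT_MAX * 6];
    if (extract_agent(line, agent, sizeof agent) >= 0 && html_escape(agent, cell, sizeof cell))
        printf("<td>%s</td>\n", cell);
    return 0;
}
```

The report cell receives `&lt;script&gt;x&lt;/script&gt;`, which the browser renders as text, and an overlong field is cut to the buffer size instead of overrunning it.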

The vulnerabilities are confirmed in version Other versions may also be affected.

Update to version 2.2.4, which fixes vulnerability #1.

Disable JavaScript support in the web browser while viewing the Sarg User-Agent logs.

Provided and/or discovered by:

Original Advisory:
