Sarg User-Agent Processing Multiple Vulnerabilities
Monday, 3 March 2008
Description:
L4teral has discovered some vulnerabilities in Sarg, which can be exploited by malicious people to conduct script insertion attacks or to compromise a vulnerable system.
1) A boundary error exists within the "useragent()" function in useragent.c. This can be exploited to cause a stack-based buffer overflow via an overly long User-Agent header sent to a Squid proxy server.
Successful exploitation allows execution of arbitrary code.
2) Input passed via the User-Agent header to a Squid proxy server is not properly sanitised before being used to generate HTML reports. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious logs are viewed.
Successful exploitation of the vulnerabilities requires that processing support for Squid User-Agent logs is enabled.
The vulnerabilities are confirmed in version 2.2.3.1. Other versions may also be affected.
Solution:
Update to version 2.2.4, which fixes vulnerability #1.
Disable JavaScript support in the web browser while viewing the Sarg User-Agent logs.
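Both issues come from treating the logged User-Agent value as trusted text of bounded length. The following is an added example, not Sarg's code and not the 2.2.4 patch: a C helper with the hypothetical name ua_to_html that copies such a value into a fixed-size buffer with a length check and HTML-escapes it before it would be written into a report. The sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Sarg's code: copy a User-Agent value taken from a
 * log line into a fixed-size buffer as HTML-safe text.
 * Returns 0 if the whole value fit, -1 if it was truncated.
 * The output is always NUL-terminated and never exceeds outsz bytes. */
int ua_to_html(const char *in, char *out, size_t outsz)
{
    size_t used = 0;

    if (out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';
    if (in == NULL)
        return 0;

    for (; *in != '\0'; in++) {
        const char *rep;
        char one[2] = { *in, '\0' };
        size_t len;

        switch (*in) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   rep = one;      break;
        }
        len = strlen(rep);
        /* Stop before a partial entity or an overrun; keep room for NUL. */
        if (len >= outsz - used)
            return -1;
        memcpy(out + used, rep, len);
        used += len;
        out[used] = '\0';
    }
    return 0;
}

int main(void)
{
    /* Constructed sample value, not taken from a real log. */
    char cell[64];
    int rc = ua_to_html("Mozilla/5.0 <script>x</script>", cell, sizeof cell);
    printf("%d %s\n", rc, cell);
    return 0;
}
```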
Provided and/or discovered by:
L4teral
Original Advisory:
Sarg:
http://sourceforge.net/project/shownotes.php?release_id=581212
http://secunia.com/advisories/28668/