Gentoo FoundationGLSA-201009-04SARG: User-assisted execution of arbitrary code
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.007 Low
EPSS
Percentile
80.6%
Background
SARG is the Squid Analysis Report Generator.
Description
Multiple vulnerabilities were discovered in SARG. For further information please consult the CVE entries referenced below.
Impact
These vulnerabilities might allow attackers to execute arbitrary code via unknown vectors.
NOTE: This is a legacy GLSA. Updates for all affected architectures are available since April 18, 2009. It is likely that your system is already no longer affected by this issue.
Workaround
There is no known workaround at this time.
Resolution
All SARG users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/sarg-2.2.5-r5"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | net-analyzer/sarg | < 2.2.5-r5 | UNKNOWN |
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.007 Low
EPSS
Percentile
80.6%