*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: sarg

CVE-2008-1167:
Stack-based buffer overflow in the useragent function in useragent.c in Squid 
Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to execute 
arbitrary code via a long Squid proxy server User-Agent header. NOTE: some of 
these details are obtained from third party information.

CVE-2008-1168:
Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator 
(Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML 
via the User-Agent header, which is not properly handled when displaying the 
Squid proxy log. NOTE: the provenance of this information is unknown; the 
details are obtained solely from third party information.

Both issues are fixed upstream in 2.2.5.

** Affects: sarg (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

-- 
[CVE-2008-1168] XSS in log and useragent parser
https://bugs.launchpad.net/bugs/202758
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
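
Both CVEs in the report above concern an untrusted User-Agent value from the proxy log being copied into a fixed-size buffer and written into an HTML report. The C code below is an added example showing a bounded, HTML-escaping copy; it is not Sarg's code or the upstream 2.2.5 fix, and the function name `ua_html_escape`, the buffer size and the sample string are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Sarg's code: HTML-escape src into dst without ever
 * writing past dst[dstsz-1]. Returns 0 if all of src fit, 1 if the output was
 * truncated, -1 on bad arguments. dst is NUL-terminated whenever 0 or 1 is
 * returned. */
int ua_html_escape(const char *src, char *dst, size_t dstsz)
{
    size_t used = 0;

    if (src == NULL || dst == NULL || dstsz == 0)
        return -1;

    for (; *src != '\0'; src++) {
        const char *rep;
        char one[2] = { *src, '\0' };
        size_t len;

        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   rep = one;      break;
        }
        len = strlen(rep);
        /* Keep one byte for the terminator; never emit half an entity. */
        if (len > dstsz - 1 - used) {
            dst[used] = '\0';
            return 1;
        }
        memcpy(dst + used, rep, len);
        used += len;
    }
    dst[used] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample input standing in for a logged User-Agent value. */
    const char *ua = "Mozilla/5.0 <b>\"test\" & 'more'</b>";
    char cell[32];   /* deliberately small fixed-size report field */
    int rc = ua_html_escape(ua, cell, sizeof cell);

    printf("rc=%d cell=%s\n", rc, cell);
    return 0;
}
```

A return value of 1 lets the caller log or flag the truncated field instead of silently emitting a partial value.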
