CVE-2019-18932 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-18932 Interim 1 16 2025-02-17T01:50:45Z current 2021-05-30T14:33:07Z 2025-02-17T01:50:45Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-18932 log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6FENLJBPGJYRWH4TRRWY3B45BZMEUJD2/ E-Mail link for openSUSE-SU-2020:0117-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LH3KEKGAWAXLOMWQWUFGTQDXONO4SZRS/ E-Mail link for openSUSE-SU-2020:0140-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 15 SP1 openSUSE Leap 15.1 sarg-2.3.10-bp151.4.3.1 sarg-2.3.10-lp151.3.3.1 sarg-2.3.10-bp151.4.3.1 as a component of SUSE Package Hub 15 SP1 sarg-2.3.10-lp151.3.3.1 as a component of openSUSE Leap 15.1 log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations. CVE-2019-18932 SUSE Package Hub 15 SP1:sarg-2.3.10-bp151.4.3.1 openSUSE Leap 15.1:sarg-2.3.10-lp151.3.3.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H