Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1167

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-1167
Last Modified 07 Mar 2011 10:06:15
Published 05 Mar 2008 06:44:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1167

Summary

Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Sarg Squid Analysis Report Generator 2.2.3.1


References

XF - sarg-useragent-bo(40970)

VUPEN - ADV-2008-0749

SECTRACK - 1019536

BID - 28077

BUGTRAQ - 20080302 Squid Analysis Report Generator <= 2.2.3.1 buffer overflow

MANDRIVA - MDVSA-2008:079

GENTOO - GLSA-200803-21

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=581212

SECUNIA - 29500

SECUNIA - 29323

SECUNIA - 29309

SECUNIA - 28668

SUSE - SUSE-SR:2008:006


Last Updated: 27 May 2016 10:47:02