Launchpad.net

CVE 2008-1167

Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header. NOTE: some of these details are obtained from third party information.

Related bugs and status

CVE-2008-1167 (Candidate) is related to these bugs:

Bug #202758: [CVE-2008-1168] XSS in log and useragent parser

		In	Importance	Status
202758	[CVE-2008-1168] XSS in log and useragent parser	sarg (Ubuntu)	High	Fix Released
202758	[CVE-2008-1168] XSS in log and useragent parser	sarg (Ubuntu Dapper)	Undecided	Won't Fix
202758	[CVE-2008-1168] XSS in log and useragent parser	sarg (Ubuntu Edgy)	Undecided	Won't Fix
202758	[CVE-2008-1168] XSS in log and useragent parser	sarg (Ubuntu Feisty)	Undecided	Won't Fix
202758	[CVE-2008-1168] XSS in log and useragent parser	sarg (Ubuntu Gutsy)	Undecided	Won't Fix
202758	[CVE-2008-1168] XSS in log and useragent parser	sarg (Ubuntu Hardy)	High	Fix Released

Bug #203472: [sarg] [CVE-2008-1167] arbitrary code execution

Summary				In	Importance	Status
	203472	[sarg] [CVE-2008-1167] arbitrary code execution		sarg (Ubuntu)	Undecided	New

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://sourceforge.net...
SECTRACK: 1019536
SECUNIA: 28668
GENTOO: GLSA-200803-21
SECUNIA: 29309
SUSE: SUSE-SR:2008:006
SECUNIA: 29323
MANDRIVA: MDVSA-2008:079
BID: 28077
SECUNIA: 29500
VUPEN: ADV-2008-0749
XF: sarg-useragent-bo(40970)
BUGTRAQ: 20080302 Squid Analysi...