This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200803-21
(Sarg: Remote execution of arbitrary code)
Sarg doesn't properly check its input for abnormal content when
processing Squid log files.
A remote attacker using a vulnerable Squid as a proxy server or a
reverse-proxy server can inject arbitrary content into the 'User-Agent'
HTTP client header. Sarg then processes that content, which leads to
Cross-Site Scripting attacks and the theft of credentials.
There is no known workaround at this time.
All sarg users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-analyzer/sarg-2.2.5'
Risk factor :
Critical / CVSS Base Score : 10.0