The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | propack | 2.3 |
| sysstat | sysstat | 4.1.7 |
| sysstat | sysstat | 4.1.5 |
| sysstat | sysstat | 4.1.6 |
| sysstat | sysstat | 4.1.1 |
| sysstat | sysstat | 4.0.7 |
| redhat | sysstat | 4.0.7-3 |
| sysstat | sysstat | 4.1.4 |
| sysstat | sysstat | 5.0.1 |
| sysstat | sysstat | 4.1.3 |
| sgi | propack | 2.4 |
| sysstat | sysstat | 4.1.2 |
The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | propack | 2.3 |
| sysstat | sysstat | 4.1.7 |
| sysstat | sysstat | 4.1.5 |
| sysstat | sysstat | 4.1.6 |
| sysstat | sysstat | 4.1.1 |
| sysstat | sysstat | 4.0.7 |
| redhat | sysstat | 4.0.7-3 |
| sysstat | sysstat | 4.1.4 |
| sysstat | sysstat | 5.0.1 |
| sysstat | sysstat | 4.1.3 |
| sgi | propack | 2.4 |
| sysstat | sysstat | 4.1.2 |
The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sysstat | sysstat | 7.1.3 |
| sysstat | sysstat | 6.0.3 |
| sysstat | sysstat | 6.0.2 |
| sysstat | sysstat | 6.0.5 |
| sysstat | sysstat | 7.0.3 |
| sysstat | sysstat | 7.1.6 |
| sysstat | sysstat | 6.0.1 |
| sysstat | sysstat | 7.0.4 |
| sysstat | sysstat | 7.0.1 |
| sysstat | sysstat | 7.1.5 |
| sysstat | sysstat | 5.1.3 |
| sysstat | sysstat | 7.1.4 |
| sysstat | sysstat | 7.1.1 |
| sysstat | sysstat | 6.0.4 |
| sysstat | sysstat | 5.1.2 |
| sysstat | sysstat | 5.1.5 |
| sysstat | sysstat | 6.0.0 |
| sysstat | sysstat | 7.1.2 |
| sysstat | sysstat | 7.0.0 |
| sysstat | sysstat | 5.1.4 |
| sysstat | sysstat | 7.0.2 |