Vulnerabilities related to sysstat - sysstat
Vulnerability from fkie_nvd
Published
2004-04-15 04:00
Modified
2024-11-20 23:47
Severity: MEDIUM (CVSS v2 base score 4.6, AV:L/AC:L/Au:N/C:P/I:P/A:P)
Summary
The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107.
Impacted products
Vendor Product Version
redhat sysstat 4.0.7-3
sgi propack 2.3
sgi propack 2.4
sysstat sysstat 4.0.7
sysstat sysstat 4.1.1
sysstat sysstat 4.1.2
sysstat sysstat 4.1.3
sysstat sysstat 4.1.4
sysstat sysstat 4.1.5
sysstat sysstat 4.1.6
sysstat sysstat 4.1.7
sysstat sysstat 5.0.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:sysstat:4.0.7-3:*:i386:*:*:*:*:*",
              "matchCriteriaId": "AD0995DA-F1DF-433D-A97B-1D02570ED787",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "26430687-409B-448F-934B-06AB937DDF63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0702A32E-E577-403C-B4D9-15037D7100A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "128E5519-B592-4A74-A0AE-70FF6C758E92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF8EA77A-0502-4CE1-8AF6-B9FCE3A3B61A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "44DF02DE-E9E2-48FB-ADEB-86CD6BFD6AF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F593D32F-D836-4CC6-B597-6847889CDB59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "816C2A5C-06BE-4DFB-8982-1A9FCE5FA6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A2198E1-5725-410B-B7E7-35749CA32A4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBE7138C-0258-4306-88EE-852CF9EF6605",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:4.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "496B269B-8B6D-44DF-BCC1-CF48C85B3B18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DA6DACA-FC70-475F-8585-1799D5F74386",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107."
    },
    {
      "lang": "es",
      "value": "El \u00fatil isag, que procesa datos de sysstat, permite a usuarios locales sobreescribir ficheros arbitrarios mediante un ataque de enlaces simb\u00f3licos en ficheros temporales, una vulnverabilidad distinta de CAN-2004-0107."
    }
  ],
  "id": "CVE-2004-0108",
  "lastModified": "2024-11-20T23:47:46.880",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-04-15T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-460"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-053.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9844"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15437"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-053.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9844"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15437"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-08-14 18:17
Modified
2024-11-21 00:34
Severity: MEDIUM (CVSS v2 base score 4.4, AV:L/AC:M/Au:N/C:P/I:P/A:P)
Summary
The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "32CD4705-19AC-4206-9BEF-B3AA990454F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7F70CFB-2ADC-4200-8FD0-182FA66AAA2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4340FE60-FEF1-4963-8815-D70C2B1E3200",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDFB9169-E45A-4EBA-9886-85F62F57402E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "14D823DF-8E61-4BA5-B9B6-8DBADFDDF4ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA29CC09-F246-479C-85A6-082E7DBD825B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1A318D2-675D-46E8-A0A0-F4CFA531F5B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "55EF88AF-E44D-42FB-B4C9-3B88A6FC0B11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD4F2BD8-ED83-4B53-8E97-84BAA1CEA911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3FC0732-FAB9-4DED-94A7-EF605162834B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D4F62C9-7935-4B09-9279-1026F4E109DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CB8D001-6219-44BB-A71C-440F52A3430A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD6BEB86-118F-40AB-BABA-AC26B8FBA30F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BD7CD22-7CD3-4829-8BF9-5375A562A039",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:7.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A4D6E46-2281-4A6B-A1C2-048352A7C1BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9BC25B8-9D00-46D4-AF3D-4ABD53927FC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB703663-DB5D-4BB9-83DF-CEDC163E0265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:7.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDD358ED-89BA-472E-A908-C25F81AAA954",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:7.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA47ADFC-D33C-461B-830A-7B2C448AA263",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:7.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDF3D513-A79F-453F-9E5E-CB3A043EFEAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:7.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "793C580B-A8C2-423B-AB3C-5954B00D39DD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code."
    },
    {
      "lang": "es",
      "value": "El script init (sysstat.in) en sysstat versiones 5.1.2 hasta 7.1.6, crea de manera no segura el archivo /tmp/sysstat.run, lo que permite a usuarios locales ejecutar c\u00f3digo arbitrario."
    }
  ],
  "id": "CVE-2007-3852",
  "lastModified": "2024-11-21T00:34:13.673",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-08-14T18:17:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/39709"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26527"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1005.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/25380"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.gentoo.org/show_bug.cgi?id=188808"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36045"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/39709"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26527"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25380"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.gentoo.org/show_bug.cgi?id=188808"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36045"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vendorComments": [
    {
      "comment": "This issue did not affect the versions of sysstat as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.\n\nFor Red Hat Enterprise Linux 5, Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251200\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.",
      "lastModified": "2008-05-12T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-04-15 04:00
Modified
2024-11-20 23:47
Severity: MEDIUM (CVSS v2 base score 4.6, AV:L/AC:L/Au:N/C:P/I:P/A:P)
Summary
The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108.
References
cve@mitre.org ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.asc Patch
cve@mitre.org http://www.ciac.org/ciac/bulletins/o-097.shtml
cve@mitre.org http://www.osvdb.org/6884
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2004-053.html Patch, Vendor Advisory
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2004-093.html
cve@mitre.org http://www.securityfocus.com/bid/9838 Patch, Vendor Advisory
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/15428
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10737
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A849
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A862
af854a3a-2127-422b-91ae-364da2661108 ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.asc Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.ciac.org/ciac/bulletins/o-097.shtml
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/6884
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2004-053.html Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2004-093.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/9838 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/15428
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10737
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A849
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A862
Impacted products
Vendor Product Version
redhat sysstat 4.0.7-3
sgi propack 2.3
sgi propack 2.4
sysstat sysstat 4.0.7
sysstat sysstat 4.1.1
sysstat sysstat 4.1.2
sysstat sysstat 4.1.3
sysstat sysstat 4.1.4
sysstat sysstat 4.1.5
sysstat sysstat 4.1.6
sysstat sysstat 4.1.7
sysstat sysstat 5.0.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:sysstat:4.0.7-3:*:i386:*:*:*:*:*",
              "matchCriteriaId": "AD0995DA-F1DF-433D-A97B-1D02570ED787",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "26430687-409B-448F-934B-06AB937DDF63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0702A32E-E577-403C-B4D9-15037D7100A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "128E5519-B592-4A74-A0AE-70FF6C758E92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF8EA77A-0502-4CE1-8AF6-B9FCE3A3B61A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "44DF02DE-E9E2-48FB-ADEB-86CD6BFD6AF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F593D32F-D836-4CC6-B597-6847889CDB59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "816C2A5C-06BE-4DFB-8982-1A9FCE5FA6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A2198E1-5725-410B-B7E7-35749CA32A4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBE7138C-0258-4306-88EE-852CF9EF6605",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:4.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "496B269B-8B6D-44DF-BCC1-CF48C85B3B18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DA6DACA-FC70-475F-8585-1799D5F74386",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108."
    },
    {
      "lang": "es",
      "value": "Los scrpits (1) post y (2) trigger en sysstat 4.0.7 y anteriores permiten a usuarios locales sobreescribir ficheros arbitrarios mediante ataques de enlaces simb\u00f3licos en ficheros temporales, una vulnerabilidad distinta de CAN-2004-0108."
    }
  ],
  "id": "CVE-2004-0107",
  "lastModified": "2024-11-20T23:47:46.720",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-04-15T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ciac.org/ciac/bulletins/o-097.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/6884"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-053.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-093.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9838"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15428"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10737"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A849"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A862"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ciac.org/ciac/bulletins/o-097.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/6884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-053.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-093.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9838"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15428"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10737"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A849"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A862"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2022-39377
Vulnerability from cvelistv5
Published
2022-11-08 00:00
Modified
2024-08-03 12:00
Summary
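sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1. (Note: the CVSS 3.1 vector in this record's CNA metrics is CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, base score 7 (HIGH), i.e. a local attack vector with low privileges required; read the "Remote Code Execution" wording alongside that vector when prioritising.)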
Impacted products
Vendor Product Version
sysstat sysstat Version: >= 9.1.16, < 12.7.1


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:00:44.139Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/sysstat/sysstat/security/advisories/GHSA-q8r6-g56f-9w7x"
          },
          {
            "name": "[debian-lts-announce] 20221113 [SECURITY] [DLA 3188-1] sysstat security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00014.html"
          },
          {
            "name": "FEDORA-2022-dbe48a4bc7",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHUVUDIVDJZ7AVXD3XX3NBXXXKPOKN3N/"
          },
          {
            "name": "FEDORA-2022-5adda2d05f",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X6WKTODOUDV6M3HZMASYNZP6EM4N7W4/"
          },
          {
            "name": "FEDORA-2022-9f3af921a5",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6F26ALXWYHT4LN2AHPZM34OQEXTJE3JZ/"
          },
          {
            "name": "GLSA-202211-07",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202211-07"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "sysstat",
          "vendor": "sysstat",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 9.1.16, \u003c 12.7.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-131",
              "description": "CWE-131: Incorrect Calculation of Buffer Size",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-22T00:00:00",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/sysstat/sysstat/security/advisories/GHSA-q8r6-g56f-9w7x"
        },
        {
          "name": "[debian-lts-announce] 20221113 [SECURITY] [DLA 3188-1] sysstat security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00014.html"
        },
        {
          "name": "FEDORA-2022-dbe48a4bc7",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHUVUDIVDJZ7AVXD3XX3NBXXXKPOKN3N/"
        },
        {
          "name": "FEDORA-2022-5adda2d05f",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X6WKTODOUDV6M3HZMASYNZP6EM4N7W4/"
        },
        {
          "name": "FEDORA-2022-9f3af921a5",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6F26ALXWYHT4LN2AHPZM34OQEXTJE3JZ/"
        },
        {
          "name": "GLSA-202211-07",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202211-07"
        }
      ],
      "source": {
        "advisory": "GHSA-q8r6-g56f-9w7x",
        "discovery": "UNKNOWN"
      },
      "title": "sysstat Incorrect Buffer Size calculation on 32-bit systems results in RCE via buffer overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-39377",
    "datePublished": "2022-11-08T00:00:00",
    "dateReserved": "2022-09-02T00:00:00",
    "dateUpdated": "2024-08-03T12:00:44.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-3852
Vulnerability from cvelistv5
Published
2007-08-14 18:00
Modified
2024-08-07 14:28
Severity ?
Summary
The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.
References
http://secunia.com/advisories/26527 (third-party-advisory, x_refsource_SECUNIA)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36045 (vdb-entry, x_refsource_XF)
http://www.securityfocus.com/bid/25380 (vdb-entry, x_refsource_BID)
http://osvdb.org/39709 (vdb-entry, x_refsource_OSVDB)
https://bugs.gentoo.org/show_bug.cgi?id=188808 (x_refsource_CONFIRM)
http://www.redhat.com/support/errata/RHSA-2011-1005.html (vendor-advisory, x_refsource_REDHAT)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:28:52.567Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "26527",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26527"
          },
          {
            "name": "sysstat-init-privilege-escalation(36045)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36045"
          },
          {
            "name": "25380",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25380"
          },
          {
            "name": "39709",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/39709"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.gentoo.org/show_bug.cgi?id=188808"
          },
          {
            "name": "RHSA-2011:1005",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-08-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "26527",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26527"
        },
        {
          "name": "sysstat-init-privilege-escalation(36045)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36045"
        },
        {
          "name": "25380",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25380"
        },
        {
          "name": "39709",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/39709"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.gentoo.org/show_bug.cgi?id=188808"
        },
        {
          "name": "RHSA-2011:1005",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-1005.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2007-3852",
    "datePublished": "2007-08-14T18:00:00",
    "dateReserved": "2007-07-18T00:00:00",
    "dateUpdated": "2024-08-07T14:28:52.567Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-0107
Vulnerability from cvelistv5
Published
2004-03-16 05:00
Modified
2024-08-08 00:10
Severity ?
Summary
The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:10:02.321Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2004:093",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-093.html"
          },
          {
            "name": "20040302-01-U",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.asc"
          },
          {
            "name": "O-097",
            "tags": [
              "third-party-advisory",
              "government-resource",
              "x_refsource_CIAC",
              "x_transferred"
            ],
            "url": "http://www.ciac.org/ciac/bulletins/o-097.shtml"
          },
          {
            "name": "oval:org.mitre.oval:def:10737",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10737"
          },
          {
            "name": "sysstat-post-trigger-symlink(15428)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15428"
          },
          {
            "name": "9838",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9838"
          },
          {
            "name": "oval:org.mitre.oval:def:862",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A862"
          },
          {
            "name": "oval:org.mitre.oval:def:849",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A849"
          },
          {
            "name": "RHSA-2004:053",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-053.html"
          },
          {
            "name": "6884",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/6884"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2004:093",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-093.html"
        },
        {
          "name": "20040302-01-U",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.asc"
        },
        {
          "name": "O-097",
          "tags": [
            "third-party-advisory",
            "government-resource",
            "x_refsource_CIAC"
          ],
          "url": "http://www.ciac.org/ciac/bulletins/o-097.shtml"
        },
        {
          "name": "oval:org.mitre.oval:def:10737",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10737"
        },
        {
          "name": "sysstat-post-trigger-symlink(15428)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15428"
        },
        {
          "name": "9838",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9838"
        },
        {
          "name": "oval:org.mitre.oval:def:862",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A862"
        },
        {
          "name": "oval:org.mitre.oval:def:849",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A849"
        },
        {
          "name": "RHSA-2004:053",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-053.html"
        },
        {
          "name": "6884",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/6884"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0107",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2004:093",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-093.html"
            },
            {
              "name": "20040302-01-U",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.asc"
            },
            {
              "name": "O-097",
              "refsource": "CIAC",
              "url": "http://www.ciac.org/ciac/bulletins/o-097.shtml"
            },
            {
              "name": "oval:org.mitre.oval:def:10737",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10737"
            },
            {
              "name": "sysstat-post-trigger-symlink(15428)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15428"
            },
            {
              "name": "9838",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9838"
            },
            {
              "name": "oval:org.mitre.oval:def:862",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A862"
            },
            {
              "name": "oval:org.mitre.oval:def:849",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A849"
            },
            {
              "name": "RHSA-2004:053",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-053.html"
            },
            {
              "name": "6884",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/6884"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0107",
    "datePublished": "2004-03-16T05:00:00",
    "dateReserved": "2004-02-02T00:00:00",
    "dateUpdated": "2024-08-08T00:10:02.321Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-0108
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 00:10
Severity ?
Summary
The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:10:03.343Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20040302-01-U",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.asc"
          },
          {
            "name": "RHSA-2004:053",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-053.html"
          },
          {
            "name": "DSA-460",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-460"
          },
          {
            "name": "9844",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9844"
          },
          {
            "name": "sysstat-isag-symlink(15437)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15437"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-07-17T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20040302-01-U",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.asc"
        },
        {
          "name": "RHSA-2004:053",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-053.html"
        },
        {
          "name": "DSA-460",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-460"
        },
        {
          "name": "9844",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9844"
        },
        {
          "name": "sysstat-isag-symlink(15437)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15437"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0108",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20040302-01-U",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.asc"
            },
            {
              "name": "RHSA-2004:053",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-053.html"
            },
            {
              "name": "DSA-460",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-460"
            },
            {
              "name": "9844",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9844"
            },
            {
              "name": "sysstat-isag-symlink(15437)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15437"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0108",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2004-02-02T00:00:00",
    "dateUpdated": "2024-08-08T00:10:03.343Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}