Metric | Value |
---|---|
CVSS2 score | 4.4 Medium |
Attack Vector | LOCAL |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 vector | AV:L/AC:M/Au:N/C:P/I:P/A:P |
EPSS | 0.001 Low |
EPSS percentile | 25.6% |

CentOS Errata and Security Advisory CESA-2009:1619

Dstat is a versatile replacement for the vmstat, iostat, and netstat tools.
Dstat can be used for performance tuning tests, benchmarks, and
troubleshooting.

Robert Buchholz of the Gentoo Security Team reported a flaw in the Python
module search path used in dstat. If a local attacker could trick a
local user into running dstat from a directory containing a Python script
that is named like an importable module, they could execute arbitrary code
with the privileges of the user running dstat. (CVE-2009-3894)

All dstat users should upgrade to this updated package, which contains a
backported patch to correct this issue.

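The flaw class described above can be checked for in any Python tool. The following is an added example, not code from dstat or from the backported patch: it flags module search path entries that are resolved against the working directory and reports which file a given import would load from, without importing it. The function names and the sample paths are assumptions made for illustration.

```python
import importlib.machinery
import os


def cwd_dependent(entry):
    """True if a search-path entry is resolved against the working directory."""
    # "" means "current directory" to the import system; any non-absolute
    # entry ("." or "plugins") is likewise interpreted relative to it.
    return entry == "" or not os.path.isabs(entry)


def audit_search_path(search_path):
    """Return (index, entry) for every cwd-dependent entry, in lookup order."""
    return [(i, e) for i, e in enumerate(search_path) if cwd_dependent(e)]


def harden_search_path(search_path):
    """Return the search path with cwd-dependent entries dropped."""
    return [e for e in search_path if not cwd_dependent(e)]


def import_origin(module_name, search_path):
    """Report where `import module_name` would load from, without importing it.

    Returns (origin, from_cwd); origin is None if no entry provides the module.
    """
    for entry in search_path:
        spec = importlib.machinery.PathFinder.find_spec(module_name, [entry])
        # Namespace-package portions have no origin and never win over a
        # regular module later on the path, so they are skipped here.
        if spec is not None and spec.origin is not None:
            return spec.origin, cwd_dependent(entry)
    return None, False


if __name__ == "__main__":
    import sys

    for index, entry in audit_search_path(sys.path):
        print(f"sys.path[{index}] = {entry!r} depends on the working directory")
    # Which file would satisfy "import os" from the current directory?
    print(import_origin("os", sys.path))
```

A `from_cwd` value of `True` means the module would be taken from whatever directory the user happened to be in when the tool was started.
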
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-December/078528.html
https://lists.centos.org/pipermail/centos-announce/2009-December/078529.html
Affected packages:
dstat
Upstream details at:
https://access.redhat.com/errata/RHSA-2009:1619
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
CentOS | 5 | noarch | dstat | < 0.6.6-3.el5_4.1 | dstat-0.6.6-3.el5_4.1.noarch.rpm |