ID: CENTOS_RHSA-2011-1005.NASL
Type: nessus
Reporter: This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified: 2011-09-23T00:00:00
Description
An updated sysstat package that fixes one security issue, various
bugs, and adds one enhancement is now available for Red Hat Enterprise
Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The sysstat package contains a set of utilities which enable system
monitoring of disks, network, and other I/O activity.

It was found that the sysstat initscript created a temporary file in
an insecure way. A local attacker could use this flaw to create
arbitrary files via a symbolic link attack. (CVE-2007-3852)

This update fixes the following bugs:

* On systems under heavy load, the sadc utility would sometimes output
  the following error message if a write() call was unable to write all
  of the requested input:

  'Cannot write data to system activity file: Success.'

  In this updated package, the sadc utility tries to write the remaining
  input, resolving this issue. (BZ#454617)

* On the Itanium architecture, the 'sar -I' command provided incorrect
  information about the interrupt statistics of the system. With this
  update, the 'sar -I' command has been disabled for this architecture,
  preventing this bug. (BZ#468340)

* Previously, the 'iostat -n' command used invalid data to create
  statistics for read and write operations. With this update, the data
  source for these statistics has been fixed, and the iostat utility now
  returns correct information. (BZ#484439)

* The 'sar -d' command used to output invalid data about block
  devices. With this update, the sar utility recognizes disk
  registration and disk overflow statistics properly, and only correct
  and relevant data is now displayed. (BZ#517490)

* Previously, the sar utility set the maximum number of days to be
  logged in one month too high. Consequently, data from a month was
  appended to data from the preceding month. With this update, the
  maximum number of days has been set to 25, and data from a month now
  correctly replaces data from the preceding month. (BZ#578929)

* In previous versions of the iostat utility, the number of NFS mount
  points was hard-coded. Consequently, various issues occurred while
  iostat was running and NFS mount points were mounted or unmounted;
  certain values in iostat reports overflowed and some mount points were
  not reported at all. With this update, iostat properly recognizes when
  an NFS mount point mounts or unmounts, fixing these issues.
  (BZ#675058, BZ#706095, BZ#694767)

* When a device name was longer than 13 characters, the iostat utility
  printed a redundant new line character, making its output less
  readable. This bug has been fixed and now, no extra characters are
  printed if a long device name occurs in iostat output. (BZ#604637)

* Previously, if kernel interrupt counters overflowed, the sar utility
  provided confusing output. This bug has been fixed and the sum of
  interrupts is now reported correctly. (BZ#622557)

* When some processors were disabled on a multi-processor system, the
  sar utility sometimes failed to provide information about the CPU
  activity. With this update, the uptime of a single processor is used
  to compute the statistics, rather than the total uptime of all
  processors, and this bug no longer occurs. (BZ#630559)

* Previously, the mpstat utility wrongly interpreted data about
  processors in the system. Consequently, it reported a processor that
  did not exist. This bug has been fixed and non-existent CPUs are no
  longer reported by mpstat. (BZ#579409)

* Previously, there was no easy way to enable the collection of
  statistics about disks and interrupts. Now, the SADC_OPTIONS variable
  can be used to set parameters for the sadc utility, fixing this bug.
  (BZ#598794)

* The read_uptime() function failed to close its open file upon exit.
  A patch has been provided to fix this bug. (BZ#696672)

This update also adds the following enhancement:

* With this update, the cifsiostat utility has been added to the
  sysstat package to provide CIFS (Common Internet File System) mount
  point I/O statistics. (BZ#591530)

All sysstat users are advised to upgrade to this updated package,
which contains backported patches to correct these issues and add this
enhancement.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2011:1005 and
# CentOS Errata and Security Advisory 2011:1005 respectively.
#
include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(56263);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2007-3852");
  script_bugtraq_id(25380);
  script_xref(name:"RHSA", value:"2011:1005");

  script_name(english:"CentOS 5 : sysstat (CESA-2011:1005)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An updated sysstat package that fixes one security issue, various
bugs, and adds one enhancement is now available for Red Hat Enterprise
Linux 5.
The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.
The sysstat package contains a set of utilities which enable system
monitoring of disks, network, and other I/O activity.
It was found that the sysstat initscript created a temporary file in
an insecure way. A local attacker could use this flaw to create
arbitrary files via a symbolic link attack. (CVE-2007-3852)
This update fixes the following bugs :
* On systems under heavy load, the sadc utility would sometimes output
the following error message if a write() call was unable to write all
of the requested input :
'Cannot write data to system activity file: Success.'
In this updated package, the sadc utility tries to write the remaining
input, resolving this issue. (BZ#454617)
* On the Itanium architecture, the 'sar -I' command provided incorrect
information about the interrupt statistics of the system. With this
update, the 'sar -I' command has been disabled for this architecture,
preventing this bug. (BZ#468340)
* Previously, the 'iostat -n' command used invalid data to create
statistics for read and write operations. With this update, the data
source for these statistics has been fixed, and the iostat utility now
returns correct information. (BZ#484439)
* The 'sar -d' command used to output invalid data about block
devices. With this update, the sar utility recognizes disk
registration and disk overflow statistics properly, and only correct
and relevant data is now displayed. (BZ#517490)
* Previously, the sar utility set the maximum number of days to be
logged in one month too high. Consequently, data from a month was
appended to data from the preceding month. With this update, the
maximum number of days has been set to 25, and data from a month now
correctly replaces data from the preceding month. (BZ#578929)
* In previous versions of the iostat utility, the number of NFS mount
points was hard-coded. Consequently, various issues occurred while
iostat was running and NFS mount points were mounted or unmounted;
certain values in iostat reports overflowed and some mount points were
not reported at all. With this update, iostat properly recognizes when
an NFS mount point mounts or unmounts, fixing these issues.
(BZ#675058, BZ#706095, BZ#694767)
* When a device name was longer than 13 characters, the iostat utility
printed a redundant new line character, making its output less
readable. This bug has been fixed and now, no extra characters are
printed if a long device name occurs in iostat output. (BZ#604637)
* Previously, if kernel interrupt counters overflowed, the sar utility
provided confusing output. This bug has been fixed and the sum of
interrupts is now reported correctly. (BZ#622557)
* When some processors were disabled on a multi-processor system, the
sar utility sometimes failed to provide information about the CPU
activity. With this update, the uptime of a single processor is used
to compute the statistics, rather than the total uptime of all
processors, and this bug no longer occurs. (BZ#630559)
* Previously, the mpstat utility wrongly interpreted data about
processors in the system. Consequently, it reported a processor that
did not exist. This bug has been fixed and non-existent CPUs are no
longer reported by mpstat. (BZ#579409)
* Previously, there was no easy way to enable the collection of
statistics about disks and interrupts. Now, the SADC_OPTIONS variable
can be used to set parameters for the sadc utility, fixing this bug.
(BZ#598794)
* The read_uptime() function failed to close its open file upon exit.
A patch has been provided to fix this bug. (BZ#696672)
This update also adds the following enhancement :
* With this update, the cifsiostat utility has been added to the
sysstat package to provide CIFS (Common Internet File System) mount
point I/O statistics. (BZ#591530)
All sysstat users are advised to upgrade to this updated package,
which contains backported patches to correct these issues and add this
enhancement."
  );
  # https://lists.centos.org/pipermail/centos-announce/2011-September/018036.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?446d555f"
  );
  # https://lists.centos.org/pipermail/centos-announce/2011-September/018037.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?e30798b0"
  );
  # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000156.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?3e42a303"
  );
  # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000157.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?073378f3"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected sysstat package."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sysstat");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/08/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/09/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/09/23");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Local checks must be enabled and the host must report a CentOS 5.x release.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);

# The installed package list must have been collected.
if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86_64 and i386 through i686 hosts are covered by this check.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

# Flag the host if the installed sysstat is older than the fixed build.
flag = 0;
if (rpm_check(release:"CentOS-5", reference:"sysstat-7.0.2-11.el5")) flag++;

if (flag)
{
  cr_plugin_caveat = '\n' +
    'NOTE: The security advisory associated with this vulnerability has a\n' +
    'fixed package version that may only be available in the continuous\n' +
    'release (CR) repository for CentOS, until it is present in the next\n' +
    'point release of CentOS.\n\n' +
    'If an equal or higher package level does not exist in the baseline\n' +
    'repository for your major version of CentOS, then updates from the CR\n' +
    'repository will need to be applied in order to address the\n' +
    'vulnerability.\n';
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get() + cr_plugin_caveat
  );
  exit(0);
}
else
{
  # Nothing flagged: report either "not affected" or "not installed".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sysstat");
}
5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-July/msg00023.html\");\n script_id(870457);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-22 14:44:51 +0200 (Fri, 22 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2011:1005-01\");\n script_cve_id(\"CVE-2007-3852\");\n script_name(\"RedHat Update for sysstat RHSA-2011:1005-01\");\n\n script_summary(\"Check for the Version of sysstat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"sysstat\", rpm:\"sysstat~7.0.2~11.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sysstat-debuginfo\", rpm:\"sysstat-debuginfo~7.0.2~11.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": 
"AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3852"], "description": "Check for the Version of sysstat", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861131", "href": "http://plugins.openvas.org/nasl.php?oid=861131", "type": "openvas", "title": "Fedora Update for sysstat FEDORA-2007-1697", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for sysstat FEDORA-2007-1697\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"sysstat on Fedora 7\";\ntag_insight = \"This package provides the sar and iostat commands for Linux. 
Sar and\n iostat enable system monitoring of disk, network, and other IO\n activity.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-August/msg00311.html\");\n script_id(861131);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 15:48:41 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2007-1697\");\n script_cve_id(\"CVE-2007-3852\");\n script_name( \"Fedora Update for sysstat FEDORA-2007-1697\");\n\n script_summary(\"Check for the Version of sysstat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"sysstat\", rpm:\"sysstat~7.0.4~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sysstat\", rpm:\"sysstat~7.0.4~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sysstat-debuginfo\", 
rpm:\"sysstat-debuginfo~7.0.4~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sysstat\", rpm:\"sysstat~7.0.4~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sysstat-debuginfo\", rpm:\"sysstat-debuginfo~7.0.4~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:58:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3852"], "description": "Check for the Version of sysstat", "modified": "2018-01-01T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:881299", "href": "http://plugins.openvas.org/nasl.php?oid=881299", "type": "openvas", "title": "CentOS Update for sysstat CESA-2011:1005 centos5 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for sysstat CESA-2011:1005 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The sysstat package contains a set of utilities which enable system\n monitoring of disks, network, and other I/O activity.\n\n It was found that the sysstat initscript created a temporary file in an\n insecure way. A local attacker could use this flaw to create arbitrary\n files via a symbolic link attack. (CVE-2007-3852)\n \n This update fixes the following bugs:\n \n * On systems under heavy load, the sadc utility would sometimes output the\n following error message if a write() call was unable to write all of the\n requested input:\n \n "Cannot write data to system activity file: Success."\n \n In this updated package, the sadc utility tries to write the remaining\n input, resolving this issue. (BZ#454617)\n \n * On the Itanium architecture, the "sar -I" command provided incorrect\n information about the interrupt statistics of the system. With this update,\n the "sar -I" command has been disabled for this architecture, preventing\n this bug. (BZ#468340)\n \n * Previously, the "iostat -n" command used invalid data to create\n statistics for read and write operations. With this update, the data source\n for these statistics has been fixed, and the iostat utility now returns\n correct information. (BZ#484439)\n \n * The "sar -d" command used to output invalid data about block devices.\n With this update, the sar utility recognizes disk registration and disk\n overflow statistics properly, and only correct and relevant data is now\n displayed. (BZ#517490)\n \n * Previously, the sar utility set the maximum number of days to be logged\n in one month too high. 
Consequently, data from a month was appended to\n data from the preceding month. With this update, the maximum number of days\n has been set to 25, and data from a month now correctly replaces data from\n the preceding month. (BZ#578929)\n \n * In previous versions of the iostat utility, the number of NFS mount\n points was hard-coded. Consequently, various issues occurred while iostat\n was running and NFS mount points were mounted or unmounted; certain values\n in iostat reports overflowed and some mount points were not reported at\n all. With this update, iostat properly recognizes when an NFS mount point\n mounts or unmounts, fixing these issues. (BZ#675058, BZ#706095, BZ#694767)\n \n * When a device name was longer than 13 characters, the iostat utility\n printed a redundant new line character, making its output less readable.\n This bug has been fixed and now, no extra characters are printed if a long\n device name occurs in iostat output. (BZ#604637)\n \n * Previously, if kernel inte ... 
\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"sysstat on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-September/018037.html\");\n script_id(881299);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:19:41 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2007-3852\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1005\");\n script_name(\"CentOS Update for sysstat CESA-2011:1005 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of sysstat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"sysstat\", rpm:\"sysstat~7.0.2~11.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": 
"AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3852"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881299", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881299", "type": "openvas", "title": "CentOS Update for sysstat CESA-2011:1005 centos5 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for sysstat CESA-2011:1005 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-September/018037.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881299\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:19:41 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2007-3852\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2011:1005\");\n script_name(\"CentOS Update for sysstat CESA-2011:1005 centos5 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'sysstat'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"sysstat on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The sysstat package contains a set of utilities which enable system\n monitoring of disks, network, and other I/O activity.\n\n It was found that the sysstat initscript created a temporary file in an\n insecure way. 
A local attacker could use this flaw to create arbitrary\n files via a symbolic link attack. (CVE-2007-3852)\n\n This update fixes the following bugs:\n\n * On systems under heavy load, the sadc utility would sometimes output the\n following error message if a write() call was unable to write all of the\n requested input:\n\n 'Cannot write data to system activity file: Success.'\n\n In this updated package, the sadc utility tries to write the remaining\n input, resolving this issue. (BZ#454617)\n\n * On the Itanium architecture, the 'sar -I' command provided incorrect\n information about the interrupt statistics of the system. With this update,\n the 'sar -I' command has been disabled for this architecture, preventing\n this bug. (BZ#468340)\n\n * Previously, the 'iostat -n' command used invalid data to create\n statistics for read and write operations. With this update, the data source\n for these statistics has been fixed, and the iostat utility now returns\n correct information. (BZ#484439)\n\n * The 'sar -d' command used to output invalid data about block devices.\n With this update, the sar utility recognizes disk registration and disk\n overflow statistics properly, and only correct and relevant data is now\n displayed. (BZ#517490)\n\n * Previously, the sar utility set the maximum number of days to be logged\n in one month too high. Consequently, data from a month was appended to\n data from the preceding month. With this update, the maximum number of days\n has been set to 25, and data from a month now correctly replaces data from\n the preceding month. (BZ#578929)\n\n * In previous versions of the iostat utility, the number of NFS mount\n points was hard-coded. Consequently, various issues occurred while iostat\n was running and NFS mount points were mounted or unmounted. Certain values\n in iostat reports overflowed and some mount points were not reported at\n all. 
With this update, iostat properly recognizes when an NFS mount point\n mounts or unmounts, fixing these issues. (BZ#675058, BZ#706095, BZ#694767)\n\n * When a device name was longer than 13 characters, the iostat utility\n printed a redundant new line character, making its output less readable.\n This bug has been fixed and now, no extra characters are printed if a long\n device name occurs in iostat output. (BZ#604637)\n\n * Previously, if kernel inte ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"sysstat\", rpm:\"sysstat~7.0.2~11.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3852"], "description": "The remote host is missing an update for the ", "modified": "2019-03-12T00:00:00", "published": "2011-07-22T00:00:00", "id": "OPENVAS:1361412562310870457", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870457", "type": "openvas", "title": "RedHat Update for sysstat RHSA-2011:1005-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for sysstat RHSA-2011:1005-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as 
published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-July/msg00023.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870457\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-22 14:44:51 +0200 (Fri, 22 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2011:1005-01\");\n script_cve_id(\"CVE-2007-3852\");\n script_name(\"RedHat Update for sysstat RHSA-2011:1005-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'sysstat'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"sysstat on Red Hat Enterprise Linux (v. 
5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The sysstat package contains a set of utilities which enable system\n monitoring of disks, network, and other I/O activity.\n\n It was found that the sysstat initscript created a temporary file in an\n insecure way. A local attacker could use this flaw to create arbitrary\n files via a symbolic link attack. (CVE-2007-3852)\n\n This update fixes the following bugs:\n\n * On systems under heavy load, the sadc utility would sometimes output the\n following error message if a write() call was unable to write all of the\n requested input:\n\n 'Cannot write data to system activity file: Success.'\n\n In this updated package, the sadc utility tries to write the remaining\n input, resolving this issue. (BZ#454617)\n\n * On the Itanium architecture, the 'sar -I' command provided incorrect\n information about the interrupt statistics of the system. With this update,\n the 'sar -I' command has been disabled for this architecture, preventing\n this bug. (BZ#468340)\n\n * Previously, the 'iostat -n' command used invalid data to create\n statistics for read and write operations. With this update, the data source\n for these statistics has been fixed, and the iostat utility now returns\n correct information. (BZ#484439)\n\n * The 'sar -d' command used to output invalid data about block devices.\n With this update, the sar utility recognizes disk registration and disk\n overflow statistics properly, and only correct and relevant data is now\n displayed. (BZ#517490)\n\n * Previously, the sar utility set the maximum number of days to be logged\n in one month too high. Consequently, data from a month was appended to\n data from the preceding month. With this update, the maximum number of days\n has been set to 25, and data from a month now correctly replaces data from\n the preceding month. 
(BZ#578929)\n\n * In previous versions of the iostat utility, the number of NFS mount\n points was hard-coded. Consequently, various issues occurred while iostat\n was running and NFS mount points were mounted or unmounted. Certain values\n in iostat reports overflowed and some mount points were not reported at\n all. With this update, iostat properly recognizes when an NFS mount point\n mounts or unmounts, fixing these issues. (BZ#675058, BZ#706095, BZ#694767)\n\n * When a device name was longer than 13 characters, the iostat utility\n printed a redundant new line character, making its output less readable.\n This bug has been fixed and now, no extra characters are printed if a long\n device name occurs in iostat output. (BZ#604637)\n\n ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"sysstat\", rpm:\"sysstat~7.0.2~11.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sysstat-debuginfo\", rpm:\"sysstat-debuginfo~7.0.2~11.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:55:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3852"], "description": "Check for the Version of sysstat", "modified": "2017-07-10T00:00:00", "published": "2011-09-23T00:00:00", "id": "OPENVAS:880987", "href": "http://plugins.openvas.org/nasl.php?oid=880987", "type": "openvas", "title": "CentOS Update for sysstat CESA-2011:1005 centos5 i386", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for sysstat CESA-2011:1005 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The sysstat package contains a set of utilities which enable system\n monitoring of disks, network, and other I/O activity.\n\n It was found that the sysstat initscript created a temporary file in an\n insecure way. A local attacker could use this flaw to create arbitrary\n files via a symbolic link attack. (CVE-2007-3852)\n \n This update fixes the following bugs:\n \n * On systems under heavy load, the sadc utility would sometimes output the\n following error message if a write() call was unable to write all of the\n requested input:\n \n "Cannot write data to system activity file: Success."\n \n In this updated package, the sadc utility tries to write the remaining\n input, resolving this issue. (BZ#454617)\n \n * On the Itanium architecture, the "sar -I" command provided incorrect\n information about the interrupt statistics of the system. 
With this update,\n the "sar -I" command has been disabled for this architecture, preventing\n this bug. (BZ#468340)\n \n * Previously, the "iostat -n" command used invalid data to create\n statistics for read and write operations. With this update, the data source\n for these statistics has been fixed, and the iostat utility now returns\n correct information. (BZ#484439)\n \n * The "sar -d" command used to output invalid data about block devices.\n With this update, the sar utility recognizes disk registration and disk\n overflow statistics properly, and only correct and relevant data is now\n displayed. (BZ#517490)\n \n * Previously, the sar utility set the maximum number of days to be logged\n in one month too high. Consequently, data from a month was appended to\n data from the preceding month. With this update, the maximum number of days\n has been set to 25, and data from a month now correctly replaces data from\n the preceding month. (BZ#578929)\n \n * In previous versions of the iostat utility, the number of NFS mount\n points was hard-coded. Consequently, various issues occurred while iostat\n was running and NFS mount points were mounted or unmounted; certain values\n in iostat reports overflowed and some mount points were not reported at\n all. With this update, iostat properly recognizes when an NFS mount point\n mounts or unmounts, fixing these issues. (BZ#675058, BZ#706095, BZ#694767)\n \n * When a device name was longer than 13 characters, the iostat utility\n printed a redundant new line character, making its output less readable.\n This bug has been fixed and now, no extra characters are printed if a long\n device name occurs in iostat output. (BZ#604637)\n \n * Previously, if kernel inte ... 
\n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"sysstat on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-September/018036.html\");\n script_id(880987);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1005\");\n script_cve_id(\"CVE-2007-3852\");\n script_name(\"CentOS Update for sysstat CESA-2011:1005 centos5 i386\");\n\n script_summary(\"Check for the Version of sysstat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"sysstat\", rpm:\"sysstat~7.0.2~11.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, 
{"lastseen": "2019-05-29T18:36:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3852"], "description": "Oracle Linux Local Security Checks ELSA-2011-1005", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122120", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122120", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-1005", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-1005.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122120\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:13:24 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1005\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1005 - sysstat security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1005\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1005.html\");\n script_cve_id(\"CVE-2007-3852\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"sysstat\", 
rpm:\"sysstat~7.0.2~11.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:40:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3852"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-09-23T00:00:00", "id": "OPENVAS:1361412562310880987", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880987", "type": "openvas", "title": "CentOS Update for sysstat CESA-2011:1005 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for sysstat CESA-2011:1005 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-September/018036.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880987\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2011:1005\");\n script_cve_id(\"CVE-2007-3852\");\n script_name(\"CentOS Update for sysstat CESA-2011:1005 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'sysstat'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"sysstat on CentOS 5\");\n script_tag(name:\"insight\", value:\"The sysstat package contains a set of utilities which enable system\n monitoring of disks, network, and other I/O activity.\n\n It was found that the sysstat initscript created a temporary file in an\n insecure way. A local attacker could use this flaw to create arbitrary\n files via a symbolic link attack. 
(CVE-2007-3852)\n\n This update fixes the following bugs:\n\n * On systems under heavy load, the sadc utility would sometimes output the\n following error message if a write() call was unable to write all of the\n requested input:\n\n 'Cannot write data to system activity file: Success.'\n\n In this updated package, the sadc utility tries to write the remaining\n input, resolving this issue. (BZ#454617)\n\n * On the Itanium architecture, the 'sar -I' command provided incorrect\n information about the interrupt statistics of the system. With this update,\n the 'sar -I' command has been disabled for this architecture, preventing\n this bug. (BZ#468340)\n\n * Previously, the 'iostat -n' command used invalid data to create\n statistics for read and write operations. With this update, the data source\n for these statistics has been fixed, and the iostat utility now returns\n correct information. (BZ#484439)\n\n * The 'sar -d' command used to output invalid data about block devices.\n With this update, the sar utility recognizes disk registration and disk\n overflow statistics properly, and only correct and relevant data is now\n displayed. (BZ#517490)\n\n * Previously, the sar utility set the maximum number of days to be logged\n in one month too high. Consequently, data from a month was appended to\n data from the preceding month. With this update, the maximum number of days\n has been set to 25, and data from a month now correctly replaces data from\n the preceding month. (BZ#578929)\n\n * In previous versions of the iostat utility, the number of NFS mount\n points was hard-coded. Consequently, various issues occurred while iostat\n was running and NFS mount points were mounted or unmounted. Certain values\n in iostat reports overflowed and some mount points were not reported at\n all. With this update, iostat properly recognizes when an NFS mount point\n mounts or unmounts, fixing these issues. 
(BZ#675058, BZ#706095, BZ#694767)\n\n * When a device name was longer than 13 characters, the iostat utility\n printed a redundant new line character, making its output less readable.\n This bug has been fixed and now, no extra characters are printed if a long\n device name occurs in iostat output. (BZ#604637)\n\n * Previously, if kernel inte ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"sysstat\", rpm:\"sysstat~7.0.2~11.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "cvelist": ["CVE-2007-3852"], "description": "## Solution Description\nUpgrade to version 8.0.0 or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## References:\n[Secunia Advisory ID:26527](https://secuniaresearch.flexerasoftware.com/advisories/26527/)\nOther Advisory URL: https://bugs.gentoo.org/show_bug.cgi?id=188808\nISS X-Force ID: 36045\n[CVE-2007-3852](https://vulners.com/cve/CVE-2007-3852)\nBugtraq ID: 25380\n", "edition": 1, "modified": "2007-08-14T11:21:28", "published": "2007-08-14T11:21:28", "href": "https://vulners.com/osvdb/OSVDB:39709", "id": "OSVDB:39709", "title": "Sysstat systat.in /tmp/sysstat.run Symlink Local Privilege Escalation", "type": "osvdb", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2020-10-30T13:22:23", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3852"], "description": "**CentOS Errata and Security Advisory** CESA-2011:1005\n\n\nThe sysstat package contains a set of utilities which enable system\nmonitoring of disks, network, and other I/O activity.\n\nIt was found that the sysstat initscript created a temporary file in an\ninsecure way. A local attacker could use this flaw to create arbitrary\nfiles via a symbolic link attack. (CVE-2007-3852)\n\nThis update fixes the following bugs:\n\n* On systems under heavy load, the sadc utility would sometimes output the\nfollowing error message if a write() call was unable to write all of the\nrequested input:\n\n\"Cannot write data to system activity file: Success.\"\n\nIn this updated package, the sadc utility tries to write the remaining\ninput, resolving this issue. (BZ#454617)\n\n* On the Itanium architecture, the \"sar -I\" command provided incorrect\ninformation about the interrupt statistics of the system. With this update,\nthe \"sar -I\" command has been disabled for this architecture, preventing\nthis bug. (BZ#468340)\n\n* Previously, the \"iostat -n\" command used invalid data to create\nstatistics for read and write operations. 
With this update, the data source\nfor these statistics has been fixed, and the iostat utility now returns\ncorrect information. (BZ#484439)\n\n* The \"sar -d\" command used to output invalid data about block devices.\nWith this update, the sar utility recognizes disk registration and disk\noverflow statistics properly, and only correct and relevant data is now\ndisplayed. (BZ#517490)\n\n* Previously, the sar utility set the maximum number of days to be logged\nin one month too high. Consequently, data from a month was appended to\ndata from the preceding month. With this update, the maximum number of days\nhas been set to 25, and data from a month now correctly replaces data from\nthe preceding month. (BZ#578929)\n\n* In previous versions of the iostat utility, the number of NFS mount\npoints was hard-coded. Consequently, various issues occurred while iostat\nwas running and NFS mount points were mounted or unmounted; certain values\nin iostat reports overflowed and some mount points were not reported at\nall. With this update, iostat properly recognizes when an NFS mount point\nmounts or unmounts, fixing these issues. (BZ#675058, BZ#706095, BZ#694767)\n\n* When a device name was longer than 13 characters, the iostat utility\nprinted a redundant new line character, making its output less readable.\nThis bug has been fixed and now, no extra characters are printed if a long\ndevice name occurs in iostat output. (BZ#604637)\n\n* Previously, if kernel interrupt counters overflowed, the sar utility\nprovided confusing output. This bug has been fixed and the sum of\ninterrupts is now reported correctly. (BZ#622557)\n\n* When some processors were disabled on a multi-processor system, the sar\nutility sometimes failed to provide information about the CPU activity.\nWith this update, the uptime of a single processor is used to compute the\nstatistics, rather than the total uptime of all processors, and this bug no\nlonger occurs. 
(BZ#630559)\n\n* Previously, the mpstat utility wrongly interpreted data about processors\nin the system. Consequently, it reported a processor that did not exist.\nThis bug has been fixed and non-existent CPUs are no longer reported by\nmpstat. (BZ#579409)\n\n* Previously, there was no easy way to enable the collection of statistics\nabout disks and interrupts. Now, the SADC_OPTIONS variable can be used to\nset parameters for the sadc utility, fixing this bug. (BZ#598794)\n\n* The read_uptime() function failed to close its open file upon exit. A\npatch has been provided to fix this bug. (BZ#696672)\n\nThis update also adds the following enhancement:\n\n* With this update, the cifsiostat utility has been added to the sysstat\npackage to provide CIFS (Common Internet File System) mount point I/O\nstatistics. (BZ#591530)\n\nAll sysstat users are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues and add this\nenhancement.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/030074.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/030075.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2011-September/006356.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2011-September/006357.html\n\n**Affected packages:**\nsysstat\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-1005.html", "edition": 9, "modified": "2011-09-22T10:01:13", "published": "2011-09-01T16:12:31", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2011-September/006356.html", "id": "CESA-2011:1005", "title": "sysstat security update", "type": "centos", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:29", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3852"], "description": "The sysstat package contains a set of utilities which enable system\nmonitoring of disks, 
network, and other I/O activity.\n\nIt was found that the sysstat initscript created a temporary file in an\ninsecure way. A local attacker could use this flaw to create arbitrary\nfiles via a symbolic link attack. (CVE-2007-3852)\n\nThis update fixes the following bugs:\n\n* On systems under heavy load, the sadc utility would sometimes output the\nfollowing error message if a write() call was unable to write all of the\nrequested input:\n\n\"Cannot write data to system activity file: Success.\"\n\nIn this updated package, the sadc utility tries to write the remaining\ninput, resolving this issue. (BZ#454617)\n\n* On the Itanium architecture, the \"sar -I\" command provided incorrect\ninformation about the interrupt statistics of the system. With this update,\nthe \"sar -I\" command has been disabled for this architecture, preventing\nthis bug. (BZ#468340)\n\n* Previously, the \"iostat -n\" command used invalid data to create\nstatistics for read and write operations. With this update, the data source\nfor these statistics has been fixed, and the iostat utility now returns\ncorrect information. (BZ#484439)\n\n* The \"sar -d\" command used to output invalid data about block devices.\nWith this update, the sar utility recognizes disk registration and disk\noverflow statistics properly, and only correct and relevant data is now\ndisplayed. (BZ#517490)\n\n* Previously, the sar utility set the maximum number of days to be logged\nin one month too high. Consequently, data from a month was appended to\ndata from the preceding month. With this update, the maximum number of days\nhas been set to 25, and data from a month now correctly replaces data from\nthe preceding month. (BZ#578929)\n\n* In previous versions of the iostat utility, the number of NFS mount\npoints was hard-coded. 
Consequently, various issues occurred while iostat\nwas running and NFS mount points were mounted or unmounted; certain values\nin iostat reports overflowed and some mount points were not reported at\nall. With this update, iostat properly recognizes when an NFS mount point\nmounts or unmounts, fixing these issues. (BZ#675058, BZ#706095, BZ#694767)\n\n* When a device name was longer than 13 characters, the iostat utility\nprinted a redundant new line character, making its output less readable.\nThis bug has been fixed and now, no extra characters are printed if a long\ndevice name occurs in iostat output. (BZ#604637)\n\n* Previously, if kernel interrupt counters overflowed, the sar utility\nprovided confusing output. This bug has been fixed and the sum of\ninterrupts is now reported correctly. (BZ#622557)\n\n* When some processors were disabled on a multi-processor system, the sar\nutility sometimes failed to provide information about the CPU activity.\nWith this update, the uptime of a single processor is used to compute the\nstatistics, rather than the total uptime of all processors, and this bug no\nlonger occurs. (BZ#630559)\n\n* Previously, the mpstat utility wrongly interpreted data about processors\nin the system. Consequently, it reported a processor that did not exist.\nThis bug has been fixed and non-existent CPUs are no longer reported by\nmpstat. (BZ#579409)\n\n* Previously, there was no easy way to enable the collection of statistics\nabout disks and interrupts. Now, the SADC_OPTIONS variable can be used to\nset parameters for the sadc utility, fixing this bug. (BZ#598794)\n\n* The read_uptime() function failed to close its open file upon exit. A\npatch has been provided to fix this bug. (BZ#696672)\n\nThis update also adds the following enhancement:\n\n* With this update, the cifsiostat utility has been added to the sysstat\npackage to provide CIFS (Common Internet File System) mount point I/O\nstatistics. 
(BZ#591530)\n\nAll sysstat users are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues and add this\nenhancement.\n", "modified": "2017-09-08T12:16:03", "published": "2011-07-21T04:00:00", "id": "RHSA-2011:1005", "href": "https://access.redhat.com/errata/RHSA-2011:1005", "type": "redhat", "title": "(RHSA-2011:1005) Low: sysstat security, bug fix, and enhancement update", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:06", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3852"], "description": "[7.0.2-11]\n- Related: #716959 \n fix cve-2007-3852 - sysstat insecure temporary file usage\n[7.0.2-10]\n- Resolves: #716959\n fix cve-2007-3852 - sysstat insecure temporary file usage\n[7.0.2-9]\n- Related: #622557\n sar interrupt count goes backward\n[7.0.2-8]\n- Resolves: #694767\n iostat doesn't report statistics for shares with long names\n- Related: #703095\n iostat -n - values in output overflows - problem with long device names on\n i386\n[7.0.2-7]\n- Resolves: #706095\n iostat -n - values in output overflows\n[7.0.2-6]\n- Resolves: #696672\n cifsstat resource leak\n[7.0.2-5]\n- Resolves: #604637\n extraneous newline in iostat report for long device names\n- Resolves: #630559\n 'sar -P ALL -f xxxx' does not display activity information\n- Resolves: #591530\n add cifsiostat tool\n- Resolves: #598794\n Enable parametrization of sadc arguments\n- Resolves: #675058\n iostat: bogus value appears when device is unmounted/mounted\n- Resolves: #622557\n sar interrupt count goes backward\n[7.0.2-4]\n- Resolves: #454617\n Though function write() executed successful, sadc end with an error\n- Resolves: #468340\n The output of sar -I ALL/XALL is wrong in ia64 machine of RHEL5\n- Resolves: #517490\n The 'sar -d ' command outputs invalid data\n- Resolves: #578929\n March sar data was appended to February data\n- Resolves: #579409\n The sysstat's programs such as 
mpstat shows one extra cpu\n- Resolves: #484439\n iostat -n enhancement not report NFS client stats correctly", "edition": 4, "modified": "2011-07-31T00:00:00", "published": "2011-07-31T00:00:00", "id": "ELSA-2011-1005", "href": "http://linux.oracle.com/errata/ELSA-2011-1005.html", "title": "sysstat security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3852"], "description": "This package provides the sar and iostat commands for Linux. Sar and iostat enable system monitoring of disk, network, and other IO activity. ", "modified": "2007-08-27T14:35:53", "published": "2007-08-27T14:35:53", "id": "FEDORA:L7REZRJD023174", "href": "", "type": "fedora", "title": "[SECURITY] Fedora Core 6 Update: sysstat-7.0.0-5.fc6", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3852"], "description": "This package provides the sar and iostat commands for Linux. Sar and iostat enable system monitoring of disk, network, and other IO activity. ", "modified": "2007-08-20T16:02:59", "published": "2007-08-20T16:02:59", "id": "FEDORA:L7KG2JRV012128", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: sysstat-7.0.4-3.fc7", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:06:04", "description": " - Mon Aug 20 2007 Ivana Varekova <varekova at redhat.com>\n - 7.0.4-3\n\n - fix CVE-2007-3852 - sysstat insecure temporary file\n usage\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2007-11-06T00:00:00", "title": "Fedora 7 : sysstat-7.0.4-3.fc7 (2007-1697)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3852"], "modified": "2007-11-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:sysstat-debuginfo", "cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:sysstat"], "id": "FEDORA_2007-1697.NASL", "href": "https://www.tenable.com/plugins/nessus/27727", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-1697.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27727);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-3852\");\n script_xref(name:\"FEDORA\", value:\"2007-1697\");\n\n script_name(english:\"Fedora 7 : sysstat-7.0.4-3.fc7 (2007-1697)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Mon Aug 20 2007 Ivana Varekova <varekova at redhat.com>\n - 7.0.4-3\n\n - fix CVE-2007-3852 - sysstat insecure temporary file\n usage\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-August/003340.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c78146f6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected sysstat and / or sysstat-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:sysstat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:sysstat-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"sysstat-7.0.4-3.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"sysstat-debuginfo-7.0.4-3.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sysstat / sysstat-debuginfo\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:06:15", "description": " - Mon Aug 20 2007 Ivana Varekova <varekova at redhat.com>\n - 7.0.0-5\n\n - fix CVE-2007-3852 - sysstat insecure temporary file\n usage\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "published": "2007-08-28T00:00:00", "title": "Fedora Core 6 : sysstat-7.0.0-5.fc6 (2007-675)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3852"], "modified": "2007-08-28T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:sysstat-debuginfo", "cpe:/o:fedoraproject:fedora_core:6", "p-cpe:/a:fedoraproject:fedora:sysstat"], "id": "FEDORA_2007-675.NASL", "href": "https://www.tenable.com/plugins/nessus/25941", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-675.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25941);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2007-675\");\n\n script_name(english:\"Fedora Core 6 : sysstat-7.0.0-5.fc6 (2007-675)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Mon Aug 20 2007 Ivana Varekova <varekova at redhat.com>\n - 7.0.0-5\n\n - fix CVE-2007-3852 - sysstat insecure temporary file\n usage\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-August/003419.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e6727124\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected sysstat and / or sysstat-debuginfo packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:sysstat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:sysstat-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/08/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 6.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC6\", reference:\"sysstat-7.0.0-5.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"sysstat-debuginfo-7.0.0-5.fc6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sysstat / sysstat-debuginfo\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:45:55", "description": "The sysstat package contains a set of utilities which enable system\nmonitoring of disks, network, and other I/O activity.\n\nIt was found that the sysstat initscript created a temporary file in\nan insecure way. A local attacker could use this flaw to create\narbitrary files via a symbolic link attack. (CVE-2007-3852)\n\nThis update fixes the following bugs :\n\n - On systems under heavy load, the sadc utility would\n sometimes output the following error message if a\n write() call was unable to write all of the requested\n input :\n\n'Cannot write data to system activity file: Success.'\n\nIn this updated package, the sadc utility tries to write the remaining\ninput, resolving this issue.\n\n - On the Itanium architecture, the 'sar -I' command\n provided incorrect information about the interrupt\n statistics of the system. 
With this update, the 'sar -I'\n command has been disabled for this architecture,\n preventing this bug.\n\n - Previously, the 'iostat -n' command used invalid data to\n create statistics for read and write operations. With\n this update, the data source for these statistics has\n been fixed, and the iostat utility now returns correct\n information.\n\n - The 'sar -d' command used to output invalid data about\n block devices. With this update, the sar utility\n recognizes disk registration and disk overflow\n statistics properly, and only correct and relevant data\n is now displayed.\n\n - Previously, the sar utility set the maximum number of\n days to be logged in one month too high. Consequently,\n data from a month was appended to data from the\n preceding month. With this update, the maximum number of\n days has been set to 25, and data from a month now\n correctly replaces data from the preceding month.\n\n - In previous versions of the iostat utility, the number\n of NFS mount points was hard-coded. Consequently,\n various issues occurred while iostat was running and NFS\n mount points were mounted or unmounted; certain values\n in iostat reports overflowed and some mount points were\n not reported at all. With this update, iostat properly\n recognizes when an NFS mount point mounts or unmounts,\n fixing these issues.\n\n - When a device name was longer than 13 characters, the\n iostat utility printed a redundant new line character,\n making its output less readable. This bug has been fixed\n and now, no extra characters are printed if a long\n device name occurs in iostat output.\n\n - Previously, if kernel interrupt counters overflowed, the\n sar utility provided confusing output. This bug has been\n fixed and the sum of interrupts is now reported\n correctly.\n\n - When some processors were disabled on a multi-processor\n system, the sar utility sometimes failed to provide\n information about the CPU activity. 
With this update,\n the uptime of a single processor is used to compute the\n statistics, rather than the total uptime of all\n processors, and this bug no longer occurs.\n\n - Previously, the mpstat utility wrongly interpreted data\n about processors in the system. Consequently, it\n reported a processor that did not exist. This bug has\n been fixed and non-existent CPUs are no longer reported\n by mpstat.\n\n - Previously, there was no easy way to enable the\n collection of statistics about disks and interrupts.\n Now, the SADC_OPTIONS variable can be used to set\n parameters for the sadc utility, fixing this bug.\n\n - The read_uptime() function failed to close its open file\n upon exit. A patch has been provided to fix this bug.\n\nThis update also adds the following enhancement :\n\n - With this update, the cifsiostat utility has been added\n to the sysstat package to provide CIFS (Common Internet\n File System) mount point I/O statistics.\n\nAll sysstat users are advised to upgrade to this updated package,\nwhich contains backported patches to correct these issues and add this\nenhancement.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : sysstat on SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3852"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110721_SYSSTAT_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61095", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61095);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-3852\");\n\n script_name(english:\"Scientific Linux Security Update : sysstat on SL5.x i386/x86_64\");\n 
script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The sysstat package contains a set of utilities which enable system\nmonitoring of disks, network, and other I/O activity.\n\nIt was found that the sysstat initscript created a temporary file in\nan insecure way. A local attacker could use this flaw to create\narbitrary files via a symbolic link attack. (CVE-2007-3852)\n\nThis update fixes the following bugs :\n\n - On systems under heavy load, the sadc utility would\n sometimes output the following error message if a\n write() call was unable to write all of the requested\n input :\n\n'Cannot write data to system activity file: Success.'\n\nIn this updated package, the sadc utility tries to write the remaining\ninput, resolving this issue.\n\n - On the Itanium architecture, the 'sar -I' command\n provided incorrect information about the interrupt\n statistics of the system. With this update, the 'sar -I'\n command has been disabled for this architecture,\n preventing this bug.\n\n - Previously, the 'iostat -n' command used invalid data to\n create statistics for read and write operations. With\n this update, the data source for these statistics has\n been fixed, and the iostat utility now returns correct\n information.\n\n - The 'sar -d' command used to output invalid data about\n block devices. With this update, the sar utility\n recognizes disk registration and disk overflow\n statistics properly, and only correct and relevant data\n is now displayed.\n\n - Previously, the sar utility set the maximum number of\n days to be logged in one month too high. Consequently,\n data from a month was appended to data from the\n preceding month. 
With this update, the maximum number of\n days has been set to 25, and data from a month now\n correctly replaces data from the preceding month.\n\n - In previous versions of the iostat utility, the number\n of NFS mount points was hard-coded. Consequently,\n various issues occurred while iostat was running and NFS\n mount points were mounted or unmounted; certain values\n in iostat reports overflowed and some mount points were\n not reported at all. With this update, iostat properly\n recognizes when an NFS mount point mounts or unmounts,\n fixing these issues.\n\n - When a device name was longer than 13 characters, the\n iostat utility printed a redundant new line character,\n making its output less readable. This bug has been fixed\n and now, no extra characters are printed if a long\n device name occurs in iostat output.\n\n - Previously, if kernel interrupt counters overflowed, the\n sar utility provided confusing output. This bug has been\n fixed and the sum of interrupts is now reported\n correctly.\n\n - When some processors were disabled on a multi-processor\n system, the sar utility sometimes failed to provide\n information about the CPU activity. With this update,\n the uptime of a single processor is used to compute the\n statistics, rather than the total uptime of all\n processors, and this bug no longer occurs.\n\n - Previously, the mpstat utility wrongly interpreted data\n about processors in the system. Consequently, it\n reported a processor that did not exist. This bug has\n been fixed and non-existent CPUs are no longer reported\n by mpstat.\n\n - Previously, there was no easy way to enable the\n collection of statistics about disks and interrupts.\n Now, the SADC_OPTIONS variable can be used to set\n parameters for the sadc utility, fixing this bug.\n\n - The read_uptime() function failed to close its open file\n upon exit. 
A patch has been provided to fix this bug.\n\nThis update also adds the following enhancement :\n\n - With this update, the cifsiostat utility has been added\n to the sysstat package to provide CIFS (Common Internet\n File System) mount point I/O statistics.\n\nAll sysstat users are advised to upgrade to this updated package,\nwhich contains backported patches to correct these issues and add this\nenhancement.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1108&L=scientific-linux-errata&T=0&P=1028\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?44d82ca1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected sysstat package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"sysstat-7.0.2-11.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:09:36", "description": "An updated sysstat package that fixes one security issue, various\nbugs, and adds one enhancement is now available for Red Hat Enterprise\nLinux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe sysstat package contains a set of utilities which enable system\nmonitoring of disks, network, and other I/O activity.\n\nIt was found that the sysstat initscript created a temporary file in\nan insecure way. 
A local attacker could use this flaw to create\narbitrary files via a symbolic link attack. (CVE-2007-3852)\n\nThis update fixes the following bugs :\n\n* On systems under heavy load, the sadc utility would sometimes output\nthe following error message if a write() call was unable to write all\nof the requested input :\n\n'Cannot write data to system activity file: Success.'\n\nIn this updated package, the sadc utility tries to write the remaining\ninput, resolving this issue. (BZ#454617)\n\n* On the Itanium architecture, the 'sar -I' command provided incorrect\ninformation about the interrupt statistics of the system. With this\nupdate, the 'sar -I' command has been disabled for this architecture,\npreventing this bug. (BZ#468340)\n\n* Previously, the 'iostat -n' command used invalid data to create\nstatistics for read and write operations. With this update, the data\nsource for these statistics has been fixed, and the iostat utility now\nreturns correct information. (BZ#484439)\n\n* The 'sar -d' command used to output invalid data about block\ndevices. With this update, the sar utility recognizes disk\nregistration and disk overflow statistics properly, and only correct\nand relevant data is now displayed. (BZ#517490)\n\n* Previously, the sar utility set the maximum number of days to be\nlogged in one month too high. Consequently, data from a month was\nappended to data from the preceding month. With this update, the\nmaximum number of days has been set to 25, and data from a month now\ncorrectly replaces data from the preceding month. (BZ#578929)\n\n* In previous versions of the iostat utility, the number of NFS mount\npoints was hard-coded. Consequently, various issues occurred while\niostat was running and NFS mount points were mounted or unmounted;\ncertain values in iostat reports overflowed and some mount points were\nnot reported at all. 
With this update, iostat properly recognizes when\nan NFS mount point mounts or unmounts, fixing these issues.\n(BZ#675058, BZ#706095, BZ#694767)\n\n* When a device name was longer than 13 characters, the iostat utility\nprinted a redundant new line character, making its output less\nreadable. This bug has been fixed and now, no extra characters are\nprinted if a long device name occurs in iostat output. (BZ#604637)\n\n* Previously, if kernel interrupt counters overflowed, the sar utility\nprovided confusing output. This bug has been fixed and the sum of\ninterrupts is now reported correctly. (BZ#622557)\n\n* When some processors were disabled on a multi-processor system, the\nsar utility sometimes failed to provide information about the CPU\nactivity. With this update, the uptime of a single processor is used\nto compute the statistics, rather than the total uptime of all\nprocessors, and this bug no longer occurs. (BZ#630559)\n\n* Previously, the mpstat utility wrongly interpreted data about\nprocessors in the system. Consequently, it reported a processor that\ndid not exist. This bug has been fixed and non-existent CPUs are no\nlonger reported by mpstat. (BZ#579409)\n\n* Previously, there was no easy way to enable the collection of\nstatistics about disks and interrupts. Now, the SADC_OPTIONS variable\ncan be used to set parameters for the sadc utility, fixing this bug.\n(BZ#598794)\n\n* The read_uptime() function failed to close its open file upon exit.\nA patch has been provided to fix this bug. (BZ#696672)\n\nThis update also adds the following enhancement :\n\n* With this update, the cifsiostat utility has been added to the\nsysstat package to provide CIFS (Common Internet File System) mount\npoint I/O statistics. 
(BZ#591530)\n\nAll sysstat users are advised to upgrade to this updated package,\nwhich contains backported patches to correct these issues and add this\nenhancement.", "edition": 27, "published": "2011-07-22T00:00:00", "title": "RHEL 5 : sysstat (RHSA-2011:1005)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3852"], "modified": "2011-07-22T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:sysstat"], "id": "REDHAT-RHSA-2011-1005.NASL", "href": "https://www.tenable.com/plugins/nessus/55644", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1005. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55644);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-3852\");\n script_bugtraq_id(25380);\n script_xref(name:\"RHSA\", value:\"2011:1005\");\n\n script_name(english:\"RHEL 5 : sysstat (RHSA-2011:1005)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated sysstat package that fixes one security issue, various\nbugs, and adds one enhancement is now available for Red Hat Enterprise\nLinux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe sysstat package contains a set of utilities which enable system\nmonitoring of disks, network, and other I/O activity.\n\nIt was found that the sysstat initscript created a temporary file in\nan insecure way. A local attacker could use this flaw to create\narbitrary files via a symbolic link attack. (CVE-2007-3852)\n\nThis update fixes the following bugs :\n\n* On systems under heavy load, the sadc utility would sometimes output\nthe following error message if a write() call was unable to write all\nof the requested input :\n\n'Cannot write data to system activity file: Success.'\n\nIn this updated package, the sadc utility tries to write the remaining\ninput, resolving this issue. (BZ#454617)\n\n* On the Itanium architecture, the 'sar -I' command provided incorrect\ninformation about the interrupt statistics of the system. With this\nupdate, the 'sar -I' command has been disabled for this architecture,\npreventing this bug. (BZ#468340)\n\n* Previously, the 'iostat -n' command used invalid data to create\nstatistics for read and write operations. With this update, the data\nsource for these statistics has been fixed, and the iostat utility now\nreturns correct information. (BZ#484439)\n\n* The 'sar -d' command used to output invalid data about block\ndevices. With this update, the sar utility recognizes disk\nregistration and disk overflow statistics properly, and only correct\nand relevant data is now displayed. (BZ#517490)\n\n* Previously, the sar utility set the maximum number of days to be\nlogged in one month too high. Consequently, data from a month was\nappended to data from the preceding month. With this update, the\nmaximum number of days has been set to 25, and data from a month now\ncorrectly replaces data from the preceding month. 
(BZ#578929)\n\n* In previous versions of the iostat utility, the number of NFS mount\npoints was hard-coded. Consequently, various issues occurred while\niostat was running and NFS mount points were mounted or unmounted;\ncertain values in iostat reports overflowed and some mount points were\nnot reported at all. With this update, iostat properly recognizes when\nan NFS mount point mounts or unmounts, fixing these issues.\n(BZ#675058, BZ#706095, BZ#694767)\n\n* When a device name was longer than 13 characters, the iostat utility\nprinted a redundant new line character, making its output less\nreadable. This bug has been fixed and now, no extra characters are\nprinted if a long device name occurs in iostat output. (BZ#604637)\n\n* Previously, if kernel interrupt counters overflowed, the sar utility\nprovided confusing output. This bug has been fixed and the sum of\ninterrupts is now reported correctly. (BZ#622557)\n\n* When some processors were disabled on a multi-processor system, the\nsar utility sometimes failed to provide information about the CPU\nactivity. With this update, the uptime of a single processor is used\nto compute the statistics, rather than the total uptime of all\nprocessors, and this bug no longer occurs. (BZ#630559)\n\n* Previously, the mpstat utility wrongly interpreted data about\nprocessors in the system. Consequently, it reported a processor that\ndid not exist. This bug has been fixed and non-existent CPUs are no\nlonger reported by mpstat. (BZ#579409)\n\n* Previously, there was no easy way to enable the collection of\nstatistics about disks and interrupts. Now, the SADC_OPTIONS variable\ncan be used to set parameters for the sadc utility, fixing this bug.\n(BZ#598794)\n\n* The read_uptime() function failed to close its open file upon exit.\nA patch has been provided to fix this bug. 
(BZ#696672)\n\nThis update also adds the following enhancement :\n\n* With this update, the cifsiostat utility has been added to the\nsysstat package to provide CIFS (Common Internet File System) mount\npoint I/O statistics. (BZ#591530)\n\nAll sysstat users are advised to upgrade to this updated package,\nwhich contains backported patches to correct these issues and add this\nenhancement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-3852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1005\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected sysstat package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sysstat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1005\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"sysstat-7.0.2-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"sysstat-7.0.2-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"sysstat-7.0.2-11.el5\")) flag++;\n\n if 
(flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sysstat\");\n }\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}]}