Dstat is a versatile replacement for the vmstat, iostat, and netstat tools.
Dstat can be used for performance tuning tests, benchmarks, and
troubleshooting.
Robert Buchholz of the Gentoo Security Team reported a flaw in the Python
module search path used in dstat. If a local attacker could trick a
local user into running dstat from a directory containing a Python script
that is named like an importable module, they could execute arbitrary code
with the privileges of the user running dstat. (CVE-2009-3894)
All dstat users should upgrade to this updated package, which contains a
backported patch to correct this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | src | dstat | < 0.6.6-3.el5_4.1 | dstat-0.6.6-3.el5_4.1.src.rpm |
RedHat | 5 | noarch | dstat | < 0.6.6-3.el5_4.1 | dstat-0.6.6-3.el5_4.1.noarch.rpm |