CVE-2007-3852

The init script sysstat.in in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code...

CVE-2007-3852

The CVE details show: sysstat up to version 7.1.6 creates /tmp/sysstat.run insecurely in the init script (sysstat.in), allowing local users to execute arbitrary code. Affected: sysstat package (components for sar/iostat), on affected Linux distros; root cause is insecure temporary file usage. mit...

CVE-2007-3852

The init script sysstat.in in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code...

CVE-2007-3852

The init script sysstat.in in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code...

[Full-Disclosure] [FLSA-2004:1372] Updated sysstat packages fix security vulnerabilities

------------------------------------------------------------------------ Fedora Legacy Update Advisory Synopsis: Updated sysstat packages fix security vulnerabilities Advisory ID: FLSA:1372 Issue date: 2004-10-03 Product: Red Hat Linux Keywords: Bugfix Cross references:...

sysstat symbolic links problem

unsafe isag utility temporary files creation...

Debian DSA-460-1 : sysstat - insecure temporary file

Alan Cox discovered that the isag utility which graphically displays data collected by the sysstat tools, creates a temporary file without taking proper precautions. This vulnerability could allow a local attacker to overwrite files with the privileges of the user invoking isag. %NASLMINLEVEL 703...

CVE-2004-0108

The CVE-2004-0108 entry concerns the isag utility (used for processing sysstat data) and describes a local privilege issue where a symlink attack on temporary files allows local users to overwrite arbitrary files. The vulnerability arises from insecure temporary file handling rather than remote e...

GLSA-200404-04 : Multiple vulnerabilities in sysstat

The remote host is affected by the vulnerability described in GLSA-200404-04 Multiple vulnerabilities in sysstat There are two vulnerabilities in the way sysstat handles symlinks: The isag utility, which displays sysstat data in a graphical format, creates a temporary file in an insecure manner...

RHEL 2.1 / 3 : sysstat (RHSA-2004:053)

Updated sysstat packages that fix various bugs and security issues are now available. Sysstat is a tool for gathering system statistics. Isag is a utility for graphically displaying these statistics. A bug was found in the Red Hat sysstat package post and trigger scripts, which used insecure...

CVE-2004-0107

The 1 post and 2 trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108...

CVE-2004-0108

The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107...

CVE-2004-0107

The 1 post and 2 trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108...

DEBIAN-CVE-2004-0108

The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107...

DEBIAN-CVE-2004-0107

The 1 post and 2 trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108...

Multiple vulnerabilities in sysstat

Background sysstat is a package containing a number of performance monitoring utilities for Linux, including sar, mpstat, iostat and sa tools Description There are two vulnerabilities in the way sysstat handles symlinks: 1. The isag utility, which displays sysstat data in a graphical format,...

[SECURITY] [DSA 460-2] New sysstat packages fix insecure temporary file creation

-------------------------------------------------------------------------- Debian Security Advisory DSA 460-2 [email protected] http://www.debian.org/security/ Matt Zimmerman April 3rd, 2004 http://www.debian.org/security/faq -...

CVE-2004-0107

The 1 post and 2 trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108...

CVE-2004-0107

The 1 post and 2 trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108...

CVE-2004-0107

CVE-2004-0107 affects sysstat up to version 4.0.7. The vulnerability is local and arises from insecure handling of temporary files in the (1) post and (2) trigger scripts, enabling a local user to overwrite arbitrary files via symlink attacks. Root cause: inadequate protections around temporary f...