Vulnerabilities > CVE-2004-0107
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 2 | |
| Application | 9 |
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2004-053.NASL description Updated sysstat packages that fix various bugs and security issues are now available. Sysstat is a tool for gathering system statistics. Isag is a utility for graphically displaying these statistics. A bug was found in the Red Hat sysstat package post and trigger scripts, which used insecure temporary file names. A local attacker could overwrite system files using carefully-crafted symbolic links in the /tmp directory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0107 to this issue. While fixing this issue, a flaw was discovered in the isag utility, which also used insecure temporary file names. A local attacker could overwrite files that the user running isag has write access to using carefully-crafted symbolic links in the /tmp directory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0108 to this issue. Other issues addressed in this advisory include : * iostat -x should return all partitions on the system (up to a maximum of 1024) * sar should handle network device names with more than 8 characters properly * mpstat should work correctly with more than 7 CPUs as well as generate correct statistics when accessing individual CPUs. This issue only affected Red Hat Enterprise Linux 2.1 * The sysstat package was not built with the proper dependencies; therefore, it was possible that isag could not be run because the necessary tools were not available. Therefore, isag was split off into its own subpackage with the required dependencies in place. This issue only affects Red Hat Enterprise Linux 2.1. Users of sysstat and isag should upgrade to these updated packages, which contain patches to correct these issues. NOTE: In order to use isag on Red Hat Enterprise Linux 2.1, you must install the sysstat-isag package after upgrading. last seen 2020-06-01 modified 2020-06-02 plugin id 12462 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12462 title RHEL 2.1 / 3 : sysstat (RHSA-2004:053) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200404-04.NASL description The remote host is affected by the vulnerability described in GLSA-200404-04 (Multiple vulnerabilities in sysstat) There are two vulnerabilities in the way sysstat handles symlinks: The isag utility, which displays sysstat data in a graphical format, creates a temporary file in an insecure manner. Two scripts in the sysstat package, post and trigger, create temporary files in an insecure manner. Impact : Both vulnerabilities may allow an attacker to overwrite arbitrary files under the permissions of the user executing any of the affected utilities. Workaround : A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package. last seen 2020-06-01 modified 2020-06-02 plugin id 14469 published 2004-08-30 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14469 title GLSA-200404-04 : Multiple vulnerabilities in sysstat
Oval
accepted 2013-04-29T04:08:14.244-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651
description The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108. family unix id oval:org.mitre.oval:def:10737 status accepted submitted 2010-07-09T03:56:16-04:00 title The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108. version 26 accepted 2007-04-25T19:53:00.342-04:00 class vulnerability contributors name Jay Beale organization Bastille Linux name Matt Busby organization The MITRE Corporation name Thomas R. Jones organization Maitreya Security
description The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108. family unix id oval:org.mitre.oval:def:849 status accepted submitted 2004-03-20T12:00:00.000-04:00 title Red Hat sysstat port and trigger Scripts symlink Attack Vulnerability version 38 accepted 2007-04-25T19:53:03.313-04:00 class vulnerability contributors name Jay Beale organization Bastille Linux name Matt Busby organization The MITRE Corporation name Matt Busby organization The MITRE Corporation name Thomas R. Jones organization Maitreya Security
description The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108. family unix id oval:org.mitre.oval:def:862 status accepted submitted 2004-03-20T12:00:00.000-04:00 title Red Hat Enterprise 3 sysstat port and trigger Scripts symlink Attack Vulnerability version 38
Redhat
| advisories |
| ||||||||
| rpms |
|
References
- ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.asc
- http://www.ciac.org/ciac/bulletins/o-097.shtml
- http://www.osvdb.org/6884
- http://www.redhat.com/support/errata/RHSA-2004-053.html
- http://www.redhat.com/support/errata/RHSA-2004-093.html
- http://www.securityfocus.com/bid/9838
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15428
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10737
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A849
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A862