Vulnerabilities > CVE-2004-0108
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 2 | |
| Application | 9 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-460.NASL description Alan Cox discovered that the isag utility (which graphically displays data collected by the sysstat tools), creates a temporary file without taking proper precautions. This vulnerability could allow a local attacker to overwrite files with the privileges of the user invoking isag. last seen 2020-06-01 modified 2020-06-02 plugin id 15297 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15297 title Debian DSA-460-1 : sysstat - insecure temporary file code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-460. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(15297); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:17"); script_cve_id("CVE-2004-0108"); script_bugtraq_id(9844); script_xref(name:"DSA", value:"460"); script_name(english:"Debian DSA-460-1 : sysstat - insecure temporary file"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Alan Cox discovered that the isag utility (which graphically displays data collected by the sysstat tools), creates a temporary file without taking proper precautions. This vulnerability could allow a local attacker to overwrite files with the privileges of the user invoking isag." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2004/dsa-460" ); script_set_attribute( attribute:"solution", value: "For the current stable distribution (woody) this problem has been fixed in version 5.0.1-1. We recommend that you update your sysstat package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sysstat"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0"); script_set_attribute(attribute:"patch_publication_date", value:"2004/03/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.0", prefix:"isag", reference:"4.0.4-1woody1")) flag++; if (deb_check(release:"3.0", prefix:"sysstat", reference:"4.0.4-1woody1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2004-053.NASL description Updated sysstat packages that fix various bugs and security issues are now available. Sysstat is a tool for gathering system statistics. Isag is a utility for graphically displaying these statistics. A bug was found in the Red Hat sysstat package post and trigger scripts, which used insecure temporary file names. A local attacker could overwrite system files using carefully-crafted symbolic links in the /tmp directory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0107 to this issue. While fixing this issue, a flaw was discovered in the isag utility, which also used insecure temporary file names. A local attacker could overwrite files that the user running isag has write access to using carefully-crafted symbolic links in the /tmp directory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0108 to this issue. Other issues addressed in this advisory include : * iostat -x should return all partitions on the system (up to a maximum of 1024) * sar should handle network device names with more than 8 characters properly * mpstat should work correctly with more than 7 CPUs as well as generate correct statistics when accessing individual CPUs. This issue only affected Red Hat Enterprise Linux 2.1 * The sysstat package was not built with the proper dependencies; therefore, it was possible that isag could not be run because the necessary tools were not available. Therefore, isag was split off into its own subpackage with the required dependencies in place. This issue only affects Red Hat Enterprise Linux 2.1. Users of sysstat and isag should upgrade to these updated packages, which contain patches to correct these issues. NOTE: In order to use isag on Red Hat Enterprise Linux 2.1, you must install the sysstat-isag package after upgrading. last seen 2020-06-01 modified 2020-06-02 plugin id 12462 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12462 title RHEL 2.1 / 3 : sysstat (RHSA-2004:053) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200404-04.NASL description The remote host is affected by the vulnerability described in GLSA-200404-04 (Multiple vulnerabilities in sysstat) There are two vulnerabilities in the way sysstat handles symlinks: The isag utility, which displays sysstat data in a graphical format, creates a temporary file in an insecure manner. Two scripts in the sysstat package, post and trigger, create temporary files in an insecure manner. Impact : Both vulnerabilities may allow an attacker to overwrite arbitrary files under the permissions of the user executing any of the affected utilities. Workaround : A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package. last seen 2020-06-01 modified 2020-06-02 plugin id 14469 published 2004-08-30 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14469 title GLSA-200404-04 : Multiple vulnerabilities in sysstat
Redhat
| advisories |
| ||||
| rpms |
|