CVE-2007-3852
Published Aug 14, 2007
Last updated 2 years ago
Overview
- Description
- The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.
- Source
- secalert@redhat.com
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.4
- Impact score
- 6.4
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-264
Social media
- Hype score
- Not currently trending
Vendor comments
- Red HatThis issue did not affect the versions of sysstat as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. For Red Hat Enterprise Linux 5, Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251200 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sysstat:sysstat:5.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "32CD4705-19AC-4206-9BEF-B3AA990454F2"
},
{
"criteria": "cpe:2.3:a:sysstat:sysstat:5.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D7F70CFB-2ADC-4200-8FD0-182FA66AAA2B"
},
{
"criteria": "cpe:2.3:a:sysstat:sysstat:5.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4340FE60-FEF1-4963-8815-D70C2B1E3200"
},
{
"criteria": "cpe:2.3:a:sysstat:sysstat:5.1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EDFB9169-E45A-4EBA-9886-85F62F57402E"
},
{
"criteria": "cpe:2.3:a:sysstat:sysstat:6.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "14D823DF-8E61-4BA5-B9B6-8DBADFDDF4ED"
},
{
"criteria": "cpe:2.3:a:sysstat:sysstat:6.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DA29CC09-F246-479C-85A6-082E7DBD825B"
},
{
"criteria": "cpe:2.3:a:sysstat:sysstat:6.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B1A318D2-675D-46E8-A0A0-F4CFA531F5B2"
},
{
"criteria": "cpe:2.3:a:sysstat:sysstat:6.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "55EF88AF-E44D-42FB-B4C9-3B88A6FC0B11"
},
{
"criteria": "cpe:2.3:a:sysstat:sysstat:6.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AD4F2BD8-ED83-4B53-8E97-84BAA1CEA911"
},
{
"criteria": "cpe:2.3:a:sysstat:sysstat:6.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C3FC0732-FAB9-4DED-94A7-EF605162834B"
},
{
"criteria": "cpe:2.3:a:sysstat:sysstat:7.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0D4F62C9-7935-4B09-9279-1026F4E109DA"
},
{
"criteria": "cpe:2.3:a:sysstat:sysstat:7.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9CB8D001-6219-44BB-A71C-440F52A3430A"
},
{
"criteria": "cpe:2.3:a:sysstat:sysstat:7.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FD6BEB86-118F-40AB-BABA-AC26B8FBA30F"
},
{
"criteria": "cpe:2.3:a:sysstat:sysstat:7.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7BD7CD22-7CD3-4829-8BF9-5375A562A039"
},
{
"criteria": "cpe:2.3:a:sysstat:sysstat:7.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8A4D6E46-2281-4A6B-A1C2-048352A7C1BA"
},
{
"criteria": "cpe:2.3:a:sysstat:sysstat:7.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D9BC25B8-9D00-46D4-AF3D-4ABD53927FC4"
},
{
"criteria": "cpe:2.3:a:sysstat:sysstat:7.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EB703663-DB5D-4BB9-83DF-CEDC163E0265"
},
{
"criteria": "cpe:2.3:a:sysstat:sysstat:7.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EDD358ED-89BA-472E-A908-C25F81AAA954"
},
{
"criteria": "cpe:2.3:a:sysstat:sysstat:7.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA47ADFC-D33C-461B-830A-7B2C448AA263"
},
{
"criteria": "cpe:2.3:a:sysstat:sysstat:7.1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FDF3D513-A79F-453F-9E5E-CB3A043EFEAE"
},
{
"criteria": "cpe:2.3:a:sysstat:sysstat:7.1.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "793C580B-A8C2-423B-AB3C-5954B00D39DD"
}
],
"operator": "OR"
}
]
}
]