CVE-2007-3852

Published Aug 14, 2007

Last updated 2 years ago

CVSS info 4.4

Overview

Description: The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.4
Impact score: 6.4
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Vendor comments

Red HatThis issue did not affect the versions of sysstat as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. For Red Hat Enterprise Linux 5, Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251200 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sysstat:sysstat:5.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32CD4705-19AC-4206-9BEF-B3AA990454F2"
          },
          {
            "criteria": "cpe:2.3:a:sysstat:sysstat:5.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7F70CFB-2ADC-4200-8FD0-182FA66AAA2B"
          },
          {
            "criteria": "cpe:2.3:a:sysstat:sysstat:5.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4340FE60-FEF1-4963-8815-D70C2B1E3200"
          },
          {
            "criteria": "cpe:2.3:a:sysstat:sysstat:5.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EDFB9169-E45A-4EBA-9886-85F62F57402E"
          },
          {
            "criteria": "cpe:2.3:a:sysstat:sysstat:6.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14D823DF-8E61-4BA5-B9B6-8DBADFDDF4ED"
          },
          {
            "criteria": "cpe:2.3:a:sysstat:sysstat:6.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA29CC09-F246-479C-85A6-082E7DBD825B"
          },
          {
            "criteria": "cpe:2.3:a:sysstat:sysstat:6.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1A318D2-675D-46E8-A0A0-F4CFA531F5B2"
          },
          {
            "criteria": "cpe:2.3:a:sysstat:sysstat:6.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55EF88AF-E44D-42FB-B4C9-3B88A6FC0B11"
          },
          {
            "criteria": "cpe:2.3:a:sysstat:sysstat:6.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD4F2BD8-ED83-4B53-8E97-84BAA1CEA911"
          },
          {
            "criteria": "cpe:2.3:a:sysstat:sysstat:6.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3FC0732-FAB9-4DED-94A7-EF605162834B"
          },
          {
            "criteria": "cpe:2.3:a:sysstat:sysstat:7.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D4F62C9-7935-4B09-9279-1026F4E109DA"
          },
          {
            "criteria": "cpe:2.3:a:sysstat:sysstat:7.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9CB8D001-6219-44BB-A71C-440F52A3430A"
          },
          {
            "criteria": "cpe:2.3:a:sysstat:sysstat:7.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD6BEB86-118F-40AB-BABA-AC26B8FBA30F"
          },
          {
            "criteria": "cpe:2.3:a:sysstat:sysstat:7.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BD7CD22-7CD3-4829-8BF9-5375A562A039"
          },
          {
            "criteria": "cpe:2.3:a:sysstat:sysstat:7.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A4D6E46-2281-4A6B-A1C2-048352A7C1BA"
          },
          {
            "criteria": "cpe:2.3:a:sysstat:sysstat:7.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9BC25B8-9D00-46D4-AF3D-4ABD53927FC4"
          },
          {
            "criteria": "cpe:2.3:a:sysstat:sysstat:7.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB703663-DB5D-4BB9-83DF-CEDC163E0265"
          },
          {
            "criteria": "cpe:2.3:a:sysstat:sysstat:7.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EDD358ED-89BA-472E-A908-C25F81AAA954"
          },
          {
            "criteria": "cpe:2.3:a:sysstat:sysstat:7.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA47ADFC-D33C-461B-830A-7B2C448AA263"
          },
          {
            "criteria": "cpe:2.3:a:sysstat:sysstat:7.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDF3D513-A79F-453F-9E5E-CB3A043EFEAE"
          },
          {
            "criteria": "cpe:2.3:a:sysstat:sysstat:7.1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "793C580B-A8C2-423B-AB3C-5954B00D39DD"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Vendor comments

Configurations

References