Published: 15/04/2004 Updated: 10/10/2017

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat sysstat 4.0.7-3
sysstat sysstat 4.1.4
sysstat sysstat 4.1.5
sysstat sysstat 4.1.2
sysstat sysstat 4.1.3
sysstat sysstat 4.0.7
sysstat sysstat 4.1.1
sysstat sysstat 5.0.1
sgi propack 2.3
sgi propack 2.4
sysstat sysstat 4.1.6
sysstat sysstat 4.1.7

Alan Cox discovered that the isag utility (which graphically displays data collected by the sysstat tools), creates a temporary file without taking proper precautions This vulnerability could allow a local attacker to overwrite files with the privileges of the user invoking isag For the current stable distribution (woody) this problem has been fi ...

NVD-CWE-Other http://www.redhat.com/support/errata/RHSA-2004-053.html ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.asc http://www.securityfocus.com/bid/9844 http://www.debian.org/security/2004/dsa-460 https://exchange.xforce.ibmcloud.com/vulnerabilities/15437 https://nvd.nist.gov https://www.debian.org/security/./dsa-460

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2004-0108

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect