From a24567fbc43f221b14e805f9bc0b7c6d16911c46 Mon Sep 17 00:00:00 2001 From: Alex Legler Date: Sun, 8 Mar 2015 22:02:38 +0100 Subject: Import existing advisories --- glsa-200404-04.xml | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 glsa-200404-04.xml (limited to 'glsa-200404-04.xml') diff --git a/glsa-200404-04.xml b/glsa-200404-04.xml new file mode 100644 index 00000000..862c1362 --- /dev/null +++ b/glsa-200404-04.xml @@ -0,0 +1,68 @@ + + + + + + + Multiple vulnerabilities in sysstat + + Multiple vulnerabilities in the way sysstat handles symlinks may allow an + attacker to execute arbitrary code or overwrite arbitrary files + + sysstat + April 06, 2004 + April 06, 2004: 01 + 45159 + local + + + 5.0.2 + 5.0.2 + + + +

+ sysstat is a package containing a number of performance monitoring + utilities for Linux, including sar, mpstat, iostat and sa tools +

+ + +

+ There are two vulnerabilities in the way sysstat handles symlinks: +

+
    +
  1. The isag utility, which displays sysstat data in a graphical format, + creates a temporary file in an insecure manner.
    2. +
  2. Two scripts in the sysstat package, post and trigger, create temporary + files in an insecure manner.
    3. +
+ + +

+ Both vulnerabilities may allow an attacker to overwrite arbitrary files + under the permissions of the user executing any of the affected + utilities. +

+ + +

+ A workaround is not currently known for this issue. All users are advised + to upgrade to the latest version of the affected package. +

+ + +

+ Systat users should upgrade to version 4.2 or later: +

+ + # emerge sync + + # emerge -pv ">=app-admin/sysstat-5.0.2" + # emerge ">=app-admin/sysstat-5.0.2" + + + CVE (1) + CVE (2) + + klieber + -- cgit v1.2.3-65-gdbad