CVE-2023-33204 – sysstat: check_overflow() function can work incorrectly that lead to an overflow
https://notcve.org/view.php?id=CVE-2023-33204
sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377. A vulnerability was found in sysstat. This security flaw happens because it allows a multiplication integer overflow in check_overflow in common.c. This issue exists due to an incomplete fix for CVE-2022-39377. • https://github.com/sysstat/sysstat/pull/360 https://lists.debian.org/debian-lts-announce/2023/05/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7UUEKMNDMC6RZTI4O367ZD2YKCOX5THX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NUBFX3UNOSM7KFUIB3J32ASYT5ZRXJQV https://access.redhat.com/security/cve/CVE-2023-33204 https://bugzilla.redhat.com/show_bug.cgi?id=2208270 • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •
CVE-2019-19725
https://notcve.org/view.php?id=CVE-2019-19725
sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c. sysstat versiones hasta 12.2.0, presenta una doble liberación en la función check_file_actlst en el archivo sa_common.c. • https://github.com/sysstat/sysstat/issues/242 https://lists.debian.org/debian-lts-announce/2022/11/msg00014.html https://security.gentoo.org/glsa/202007-22 https://usn.ubuntu.com/4242-1 • CWE-415: Double Free •
CVE-2019-16167 – sysstat: memory corruption due to an integer overflow in remap_struct in sa_common.c
https://notcve.org/view.php?id=CVE-2019-16167
sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. sysstat versiones anteriores a 12.1.6, presenta una corrupción de la memoria debido a un desbordamiento de enteros en la función remap_struct() en el archivo sa_common.c. An integer overflow vulnerability was found in sysstat in the way the `sadf` command processes the contents of data files created by the `sar` command. A local attacker could exploit this flaw by creating a specially crafted file with malformed data that, when loaded by a victim, causes the application to crash. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00067.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00068.html https://github.com/sysstat/sysstat/compare/v12.1.5...v12.1.6 https://github.com/sysstat/sysstat/issues/230 https://lists.debian.org/debian-lts-announce/2022/11/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVSMKUPWIGQYX4G5LZXL7ZBJN3KY6RM3 https://usn.ubuntu.com/4242-1 https://access • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVE-2004-0108
https://notcve.org/view.php?id=CVE-2004-0108
The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107. El útil isag, que procesa datos de sysstat, permite a usuarios locales sobreescribir ficheros arbitrarios mediante un ataque de enlaces simbólicos en ficheros temporales, una vulnverabilidad distinta de CAN-2004-0107. • ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.asc http://www.debian.org/security/2004/dsa-460 http://www.redhat.com/support/errata/RHSA-2004-053.html http://www.securityfocus.com/bid/9844 https://exchange.xforce.ibmcloud.com/vulnerabilities/15437 https://access.redhat.com/security/cve/CVE-2004-0108 https://bugzilla.redhat.com/show_bug.cgi?id=1617153 •
CVE-2004-0107
https://notcve.org/view.php?id=CVE-2004-0107
The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108. Los scrpits (1) post y (2) trigger en sysstat 4.0.7 y anteriores permiten a usuarios locales sobreescribir ficheros arbitrarios mediante ataques de enlaces simbólicos en ficheros temporales, una vulnerabilidad distinta de CAN-2004-0108. • ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.asc http://www.ciac.org/ciac/bulletins/o-097.shtml http://www.osvdb.org/6884 http://www.redhat.com/support/errata/RHSA-2004-053.html http://www.redhat.com/support/errata/RHSA-2004-093.html http://www.securityfocus.com/bid/9838 https://exchange.xforce.ibmcloud.com/vulnerabilities/15428 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10737 https://oval.cisecurity.org/reposi •