CVE-2018-19416
https://notcve.org/view.php?id=CVE-2018-19416
An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memmove call, as demonstrated by sadf.
• http://www.securityfocus.com/bid/106010
• https://github.com/sysstat/sysstat/issues/196
• CWE-125: Out-of-bounds Read
CVE-2007-3852 – sysstat insecure temporary file usage
https://notcve.org/view.php?id=CVE-2007-3852
The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.
• http://osvdb.org/39709
• http://secunia.com/advisories/26527
• http://www.redhat.com/support/errata/RHSA-2011-1005.html
• http://www.securityfocus.com/bid/25380
• https://bugs.gentoo.org/show_bug.cgi?id=188808
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36045
• https://access.redhat.com/security/cve/CVE-2007-3852
• https://bugzilla.redhat.com/show_bug.cgi?id=251200
• CWE-264: Permissions, Privileges, and Access Controls
• CWE-377: Insecure Temporary File
CVE-2004-0108
https://notcve.org/view.php?id=CVE-2004-0108
The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107.
• ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.asc
• http://www.debian.org/security/2004/dsa-460
• http://www.redhat.com/support/errata/RHSA-2004-053.html
• http://www.securityfocus.com/bid/9844
• https://exchange.xforce.ibmcloud.com/vulnerabilities/15437
• https://access.redhat.com/security/cve/CVE-2004-0108
• https://bugzilla.redhat.com/show_bug.cgi?id=1617153
CVE-2004-0107
https://notcve.org/view.php?id=CVE-2004-0107
The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108.
• ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.asc
• http://www.ciac.org/ciac/bulletins/o-097.shtml
• http://www.osvdb.org/6884
• http://www.redhat.com/support/errata/RHSA-2004-053.html
• http://www.redhat.com/support/errata/RHSA-2004-093.html
• http://www.securityfocus.com/bid/9838
• https://exchange.xforce.ibmcloud.com/vulnerabilities/15428
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10737
• https://oval.cisecurity.org/reposi