Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0107

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2004-0107
Last Modified 21 Aug 2010 12:19:34
Published 15 Apr 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-0107

Summary

The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108.

Vulnerable Systems

Application

  • Redhat Sysstat 4.0.7-3

  • Sgi Propack 2.3

  • Sgi Propack 2.4

  • Sysstat 4.0.7

  • Sysstat 4.1.1

  • Sysstat 4.1.2

  • Sysstat 4.1.3

  • Sysstat 4.1.4

  • Sysstat 4.1.5

  • Sysstat 4.1.6

  • Sysstat 4.1.7

  • Sysstat 5.0.1


References

BID - 9838

REDHAT - RHSA-2004:053

SGI - 20040302-01-U

XF - sysstat-post-trigger-symlink(15428)

REDHAT - RHSA-2004:093

OSVDB - 6884

CIAC - O-097


Last Updated: 27 May 2016 10:38:28