PT-2007-1152 · Sysstat+2 · Sysstat+2

Julien L

Published

2007-08-14

Updated

2024-06-15

CVE-2007-3852

CVSS v2.0

4.4

Medium

Vector

AV:L/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: sysstat versions 5.1.2 through 7.1.6

Description: The issue is related to the creation of an insecure script by the init script sysstat.in in sysstat, allowing local users to execute arbitrary code. This can potentially lead to unauthorized access to confidential data, disruption of data integrity, and denial of service.

Recommendations: For sysstat versions 5.1.2 through 7.1.6, consider restricting access to the sysstat.in script until a secure version is available. As a temporary workaround, avoid using the sysstat.in script to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALT-PU-2018-2754

ALT-PU-2018-2755

ALT-PU-2018-2814

BDU:2020-02848

CVE-2007-3852

OPENSUSE-SU-2024:11419-1

RHSA-2011:1005

RHSA-2011_1005

Affected Products

Alt Linux

Red Hat

Sysstat

PT-2007-1152 · Sysstat+2 · Sysstat+2

CVE-2007-3852

Weakness Enumeration

Related Identifiers

Affected Products

References · 45