PT-2019-5410 · Sysstat+4 · Sysstat+4

Rkx1209

Published

2019-12-11

Updated

2024-06-15

CVE-2019-19725

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions sysstat versions prior to 12.2.0

Description The issue is related to a double free error in the check file actlst function of the sysstat utility, which can be exploited by a remote attacker to execute arbitrary code or cause a denial of service.

Recommendations For sysstat versions prior to 12.2.0, update to version 12.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the check file actlst function in sa common.c until a patch is available.

Exploit

Fix

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415CWE-672

Related Identifiers

ALT-PU-2020-3464

ALT-PU-2020-3493

ALT-PU-2021-2132

BDU:2020-02852

CVE-2019-19725

DLA-3188-1

MGASA-2020-0064

OPENSUSE-SU-2020:0736-1

OPENSUSE-SU-2020_0736-1

OPENSUSE-SU-2024:11419-1

SUSE-SU-2020:0026-1

SUSE-SU-2020:0026-2

SUSE-SU-2020:1419-1

SUSE-SU-2020_0026-1

SUSE-SU-2020_0026-2

SUSE-SU-2020_1419-1

USN-4242-1

Affected Products

Alt Linux

Astra Linux

Suse

Ubuntu

Sysstat

PT-2019-5410 · Sysstat+4 · Sysstat+4

CVE-2019-19725

Weakness Enumeration

Related Identifiers

Affected Products

References · 42