CVE-2004-0108
published 2004-04-15CVE-2004-0108: The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different…
PriorityP411medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EPSS
0.36%
27.8th percentile
The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | sysstat | < sysstat 5.0.2-1 (bookworm) | sysstat 5.0.2-1 (bookworm) |
| redhat | sysstat | — | — |
| sgi | propack | — | — |
| sgi | propack | — | — |
| sysstat | sysstat | — | — |
| sysstat | sysstat | — | — |
| sysstat | sysstat | — | — |
| sysstat | sysstat | — | — |
| sysstat | sysstat | — | — |
| sysstat | sysstat | — | — |
| sysstat | sysstat | — | — |
| sysstat | sysstat | — | — |
| sysstat | sysstat | — | — |
| sysstat | sysstat | >= 0 < 5.0.2-1 | 5.0.2-1 |
| sysstat | sysstat | >= 0 < 5.0.2-1 | 5.0.2-1 |
| sysstat | sysstat | >= 0 < 5.0.2-1 | 5.0.2-1 |
| sysstat | sysstat | >= 0 < 5.0.2-1 | 5.0.2-1 |
CVSS provenance
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv4.6MEDIUM
vendor_debian4.6MEDIUM
vendor_redhat4.6MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3hhr-4c49-xc95: The (1) post and (2) trigger scripts in sysstat 4
ghsa_unreviewed·2022-05-03·CVSS 4.6
CVE-2004-0107 [MEDIUM] GHSA-3hhr-4c49-xc95: The (1) post and (2) trigger scripts in sysstat 4
The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108.
GHSA
GHSA-766c-9vwj-c5fw: The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different v
ghsa_unreviewed·2022-05-03
CVE-2004-0108 [MEDIUM] GHSA-766c-9vwj-c5fw: The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different v
The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107.
OSV
CVE-2004-0108: The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different v
osv·2004-04-15·CVSS 4.6
CVE-2004-0108 [MEDIUM] CVE-2004-0108: The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different v
The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107.
OSV
CVE-2004-0107: The (1) post and (2) trigger scripts in sysstat 4
osv·2004-04-15·CVSS 4.6
CVE-2004-0107 [MEDIUM] CVE-2004-0107: The (1) post and (2) trigger scripts in sysstat 4
The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108.
Red Hat
security flaw
vendor_redhat·2004-03-10·CVSS 4.6
CVE-2004-0107 [MEDIUM] security flaw
security flaw
The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108.
Red Hat
security flaw
vendor_redhat·2004-03-10·CVSS 4.6
CVE-2004-0108 [MEDIUM] security flaw
security flaw
The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107.
Debian
CVE-2004-0107: sysstat - The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local us...
vendor_debian·2004·CVSS 4.6
CVE-2004-0107 [MEDIUM] CVE-2004-0107: sysstat - The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local us...
The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108.
Scope: local
bookworm: resolved (fixed in 5.0.2-1)
bullseye: resolved (fixed in 5.0.2-1)
forky: resolved (fixed in 5.0.2-1)
sid: resolved (fixed in 5.0.2-1)
trixie: resolved (fixed in 5.0.2-1)
Debian
CVE-2004-0108: sysstat - The isag utility, which processes sysstat data, allows local users to overwrite ...
vendor_debian·2004·CVSS 4.6
CVE-2004-0108 [MEDIUM] CVE-2004-0108: sysstat - The isag utility, which processes sysstat data, allows local users to overwrite ...
The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107.
Scope: local
bookworm: resolved (fixed in 5.0.2-1)
bullseye: resolved (fixed in 5.0.2-1)
forky: resolved (fixed in 5.0.2-1)
sid: resolved (fixed in 5.0.2-1)
trixie: resolved (fixed in 5.0.2-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2004-0108 security flaw
bugzilla·2018-08-16·CVSS 4.6
CVE-2004-0108 [MEDIUM] CVE-2004-0108 security flaw
CVE-2004-0108 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107.
Bugzilla
CVE-2004-0107 security flaw
bugzilla·2018-08-16·CVSS 4.6
CVE-2004-0107 [MEDIUM] CVE-2004-0107 security flaw
CVE-2004-0107 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108.
ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.aschttp://www.debian.org/security/2004/dsa-460http://www.redhat.com/support/errata/RHSA-2004-053.htmlhttp://www.securityfocus.com/bid/9844https://exchange.xforce.ibmcloud.com/vulnerabilities/15437ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.aschttp://www.debian.org/security/2004/dsa-460http://www.redhat.com/support/errata/RHSA-2004-053.htmlhttp://www.securityfocus.com/bid/9844https://exchange.xforce.ibmcloud.com/vulnerabilities/15437
2004-04-15
Published