CVE-2004-0108

9 documents7 sources
Severity
4.6MEDIUM
EPSS
0.1%
top 77.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Redhat SysstatSGI PropackSysstat Sysstat
Timeline
PublishedApr 15
Latest updateMay 3

Description

The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages4 packages

Debiansysstat< 5.0.2-1+3
NVDredhat/sysstat4.0.7-3
NVDsysstat/sysstat9 versions+8
NVDsgi/propack2.3, 2.4+1

Patches

Patch: patches.sgi.comPatch: www.redhat.comPatch: www.securityfocus.com

🔴Vulnerability Details

3
GHSA
GHSA-766c-9vwj-c5fw: The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different v2022-05-03
CVEList
CVE-2004-0108: The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different v2004-09-01
OSV
CVE-2004-0108: The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different v2004-04-15

📋Vendor Advisories

3
Red Hat
security flaw2004-03-10
Red Hat
security flaw2004-03-10
Debian
CVE-2004-0108: sysstat - The isag utility, which processes sysstat data, allows local users to overwrite ...2004

💬Community

2
Bugzilla
CVE-2004-0108 security flaw2018-08-16
Bugzilla
CVE-2004-0107 security flaw2018-08-16
CVE-2004-0108 (MEDIUM CVSS 4.6) | The isag utility | cvebase.io