CVE-2007-3852Insecure Temporary File in Sysstat

CWE-264CWE-377Insecure Temporary File8 documents6 sources
Severity
4.4MEDIUMNVD
EPSS
0.1%
top 64.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SysstatDebian Sysstat
Timeline
PublishedAug 14
Latest updateMay 1

Description

The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages2 packages

NVDsysstat/sysstat21 versions+20

🔴Vulnerability Details

2
GHSA
GHSA-r5hc-32f3-wh4r: The init script (sysstat2022-05-01
Kernel
namei: allow restricted O_CREAT of FIFOs and regular files2018-08-23

📋Vendor Advisories

2
Red Hat
sysstat insecure temporary file usage2007-08-10
Debian
CVE-2007-3852: sysstat - The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.r...2007

💬Community

3
Bugzilla
CVE-2007-3852 sysstat insecure temporary file usage [F7]2007-08-15
Bugzilla
CVE-2007-3852 sysstat insecure temporary file usage [FC6]2007-08-15
Bugzilla
CVE-2007-3852 sysstat insecure temporary file usage2007-08-07