CVE-2004-0107

Current Description

The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108.

Basic Data

Published: April 15, 2004
Last Modified: October 11, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 4.6
Severity: MEDIUM
Exploitability Score: 3.9
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: true

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
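    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | 2.3 | Application | Redhat | Sysstat | 4.0.7-3 | * | i386 | * | * | * | * | * | | | | |
    | 2.3 | Application | Sgi | Propack | 2.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Sgi | Propack | 2.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Sysstat | Sysstat | 4.0.7 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Sysstat | Sysstat | 4.1.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Sysstat | Sysstat | 4.1.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Sysstat | Sysstat | 4.1.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Sysstat | Sysstat | 4.1.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Sysstat | Sysstat | 4.1.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Sysstat | Sysstat | 4.1.6 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Sysstat | Sysstat | 4.1.7 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Sysstat | Sysstat | 5.0.1 | * | * | * | * | * | * | * | | | | |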

Vulnerable Software List

| Vendor | Product | Versions |
| Redhat | Sysstat | 4.0.7-3 |
| Sgi | Propack | 2.3, 2.4 |
| Sysstat | Sysstat | 4.0.7, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 5.0.1 |

References

| Name | Source | URL | Tags |
| 20040302-01-U | SGI | ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.asc | PATCH |
| O-097 | CIAC | http://www.ciac.org/ciac/bulletins/o-097.shtml | |
| 6884 | OSVDB | http://www.osvdb.org/6884 | |
| RHSA-2004:053 | REDHAT | http://www.redhat.com/support/errata/RHSA-2004-053.html | PATCH, Vendor Advisory |
| RHSA-2004:093 | REDHAT | http://www.redhat.com/support/errata/RHSA-2004-093.html | |
| 9838 | BID | http://www.securityfocus.com/bid/9838 | PATCH, Vendor Advisory |
| sysstat-post-trigger-symlink(15428) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/15428 | |
| oval:org.mitre.oval:def:10737 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10737 | |
| oval:org.mitre.oval:def:849 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A849 | |
| oval:org.mitre.oval:def:862 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A862 | |