Description
The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107.
Affected products
- RedHat / sysstat4.0.7-3 – 4.0.7-3
- sgi / propack2.3 – 2.3
- sgi / propack2.4 – 2.4
- sysstat / sysstat4.0.7 – 4.0.7
- sysstat / sysstat4.1.1 – 4.1.1
- sysstat / sysstat4.1.2 – 4.1.2
- sysstat / sysstat4.1.3 – 4.1.3
- sysstat / sysstat4.1.4 – 4.1.4
- sysstat / sysstat4.1.5 – 4.1.5
- sysstat / sysstat4.1.6 – 4.1.6
- sysstat / sysstat4.1.7 – 4.1.7
- sysstat / sysstat5.0.1 – 5.0.1
References
- VENDOR_ADVISORYftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.asc
- MISChttp://www.redhat.com/support/errata/RHSA-2004-053.html
- VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-460
- MISChttp://www.securityfocus.com/bid/9844
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/15437