Create an account

Subscribe to LWN

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Weekly edition	Kernel	Security	Distributions	Contact Us	Search
Archives	Calendar	Subscribe	Write for LWN	LWN.net FAQ	Sponsors

sysstat: insecure temporary files

Package(s):

sysstat

CVE #(s):

CVE-2007-3852

Created:

August 20, 2007

Updated:

September 23, 2011

Description:

The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.

Alerts:

CentOS	CESA-2011:1005	2011-09-22
Scientific Linux	SL-syss-20110721	2011-07-21
Red Hat	RHSA-2011:1005-01	2011-07-21
Fedora	FEDORA-2007-675	2007-08-27
Fedora	FEDORA-2007-1697	2007-08-20

(Log in to post comments)

sysstat: insecure temporary files

Posted Sep 27, 2007 18:31 UTC (Thu) by kreutzm (guest, #4700) [Link]

Debian Sarge and Etch are not vulnerable.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds