CVE-2007-3852

{"id": "CVE-2007-3852", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.4, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-08-14T18:17:00.000", "references": [{"url": "http://osvdb.org/39709", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26527", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2011-1005.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/25380", "source": "secalert@redhat.com"}, {"url": "https://bugs.gentoo.org/show_bug.cgi?id=188808", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36045", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code."}, {"lang": "es", "value": "El script init (sysstat.in) en sysstat versiones 5.1.2 hasta 7.1.6, crea de manera no segura el archivo /tmp/sysstat.run, lo que permite a usuarios locales ejecutar c\u00f3digo arbitrario."}], "lastModified": "2023-02-13T02:18:16.177", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sysstat:sysstat:5.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32CD4705-19AC-4206-9BEF-B3AA990454F2"}, {"criteria": "cpe:2.3:a:sysstat:sysstat:5.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7F70CFB-2ADC-4200-8FD0-182FA66AAA2B"}, {"criteria": "cpe:2.3:a:sysstat:sysstat:5.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4340FE60-FEF1-4963-8815-D70C2B1E3200"}, {"criteria": "cpe:2.3:a:sysstat:sysstat:5.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDFB9169-E45A-4EBA-9886-85F62F57402E"}, {"criteria": "cpe:2.3:a:sysstat:sysstat:6.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14D823DF-8E61-4BA5-B9B6-8DBADFDDF4ED"}, {"criteria": "cpe:2.3:a:sysstat:sysstat:6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA29CC09-F246-479C-85A6-082E7DBD825B"}, {"criteria": "cpe:2.3:a:sysstat:sysstat:6.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1A318D2-675D-46E8-A0A0-F4CFA531F5B2"}, {"criteria": "cpe:2.3:a:sysstat:sysstat:6.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55EF88AF-E44D-42FB-B4C9-3B88A6FC0B11"}, {"criteria": "cpe:2.3:a:sysstat:sysstat:6.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD4F2BD8-ED83-4B53-8E97-84BAA1CEA911"}, {"criteria": "cpe:2.3:a:sysstat:sysstat:6.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3FC0732-FAB9-4DED-94A7-EF605162834B"}, {"criteria": "cpe:2.3:a:sysstat:sysstat:7.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D4F62C9-7935-4B09-9279-1026F4E109DA"}, {"criteria": "cpe:2.3:a:sysstat:sysstat:7.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CB8D001-6219-44BB-A71C-440F52A3430A"}, {"criteria": "cpe:2.3:a:sysstat:sysstat:7.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD6BEB86-118F-40AB-BABA-AC26B8FBA30F"}, {"criteria": "cpe:2.3:a:sysstat:sysstat:7.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BD7CD22-7CD3-4829-8BF9-5375A562A039"}, {"criteria": "cpe:2.3:a:sysstat:sysstat:7.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A4D6E46-2281-4A6B-A1C2-048352A7C1BA"}, {"criteria": "cpe:2.3:a:sysstat:sysstat:7.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9BC25B8-9D00-46D4-AF3D-4ABD53927FC4"}, {"criteria": "cpe:2.3:a:sysstat:sysstat:7.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB703663-DB5D-4BB9-83DF-CEDC163E0265"}, {"criteria": "cpe:2.3:a:sysstat:sysstat:7.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDD358ED-89BA-472E-A908-C25F81AAA954"}, {"criteria": "cpe:2.3:a:sysstat:sysstat:7.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA47ADFC-D33C-461B-830A-7B2C448AA263"}, {"criteria": "cpe:2.3:a:sysstat:sysstat:7.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDF3D513-A79F-453F-9E5E-CB3A043EFEAE"}, {"criteria": "cpe:2.3:a:sysstat:sysstat:7.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "793C580B-A8C2-423B-AB3C-5954B00D39DD"}], "operator": "OR"}]}], "vendorComments": [{"comment": "This issue did not affect the versions of sysstat as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.\n\nFor Red Hat Enterprise Linux 5, Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251200\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.", "lastModified": "2008-05-12T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "secalert@redhat.com"}