The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108.
Software | From | Fixed in |
---|---|---|
sgi / propack | 2.3 | 2.3.x |
sgi / propack | 2.4 | 2.4.x |
sysstat / sysstat | 4.0.7 | 4.0.7.x |
sysstat / sysstat | 4.1.1 | 4.1.1.x |
sysstat / sysstat | 4.1.2 | 4.1.2.x |
sysstat / sysstat | 4.1.3 | 4.1.3.x |
sysstat / sysstat | 4.1.4 | 4.1.4.x |
sysstat / sysstat | 4.1.5 | 4.1.5.x |
sysstat / sysstat | 4.1.6 | 4.1.6.x |
sysstat / sysstat | 4.1.7 | 4.1.7.x |
sysstat / sysstat | 5.0.1 | 5.0.1.x |
redhat / sysstat | 4.0.7-3 | 4.0.7-3.x |