CVE-2004-0108 — MEDIUM (4.6)

Vulnerability Description

The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107.

CVSS Score

4.6

MEDIUM

AV:L/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Redhat	Sysstat	4.0.7-3
Sgi	Propack	2.3
Sysstat	Sysstat	4.0.7

References

ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.ascPatch
http://www.debian.org/security/2004/dsa-460
http://www.redhat.com/support/errata/RHSA-2004-053.htmlPatchVendor Advisory
http://www.securityfocus.com/bid/9844PatchVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15437
ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.ascPatch
http://www.debian.org/security/2004/dsa-460
http://www.redhat.com/support/errata/RHSA-2004-053.htmlPatchVendor Advisory
http://www.securityfocus.com/bid/9844PatchVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15437

FAQ

What is CVE-2004-0108?

CVE-2004-0108 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107.

How severe is CVE-2004-0108?

CVE-2004-0108 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2004-0108?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Sysstat, Sgi Propack, Sysstat Sysstat.