{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-14T00:00:00", "descriptions": [{"lang": "en", "value": "The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "26527", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26527"}, {"name": "sysstat-init-privilege-escalation(36045)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36045"}, {"name": "25380", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25380"}, {"name": "39709", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/39709"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=188808"}, {"name": "RHSA-2011:1005", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2011-1005.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:28:52.567Z"}, "title": "CVE Program Container", "references": [{"name": "26527", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26527"}, {"name": "sysstat-init-privilege-escalation(36045)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36045"}, {"name": "25380", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25380"}, {"name": "39709", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/39709"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=188808"}, {"name": "RHSA-2011:1005", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2011-1005.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-3852", "datePublished": "2007-08-14T18:00:00", "dateReserved": "2007-07-18T00:00:00", "dateUpdated": "2024-08-07T14:28:52.567Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sysstat:sysstat:5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "32CD4705-19AC-4206-9BEF-B3AA990454F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sysstat:sysstat:5.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D7F70CFB-2ADC-4200-8FD0-182FA66AAA2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sysstat:sysstat:5.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "4340FE60-FEF1-4963-8815-D70C2B1E3200", "vulnerable": true}, {"criteria": "cpe:2.3:a:sysstat:sysstat:5.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "EDFB9169-E45A-4EBA-9886-85F62F57402E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sysstat:sysstat:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "14D823DF-8E61-4BA5-B9B6-8DBADFDDF4ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:sysstat:sysstat:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DA29CC09-F246-479C-85A6-082E7DBD825B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sysstat:sysstat:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1A318D2-675D-46E8-A0A0-F4CFA531F5B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sysstat:sysstat:6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "55EF88AF-E44D-42FB-B4C9-3B88A6FC0B11", "vulnerable": true}, {"criteria": "cpe:2.3:a:sysstat:sysstat:6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "AD4F2BD8-ED83-4B53-8E97-84BAA1CEA911", "vulnerable": true}, {"criteria": "cpe:2.3:a:sysstat:sysstat:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C3FC0732-FAB9-4DED-94A7-EF605162834B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sysstat:sysstat:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D4F62C9-7935-4B09-9279-1026F4E109DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sysstat:sysstat:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9CB8D001-6219-44BB-A71C-440F52A3430A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sysstat:sysstat:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "FD6BEB86-118F-40AB-BABA-AC26B8FBA30F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sysstat:sysstat:7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7BD7CD22-7CD3-4829-8BF9-5375A562A039", "vulnerable": true}, {"criteria": "cpe:2.3:a:sysstat:sysstat:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8A4D6E46-2281-4A6B-A1C2-048352A7C1BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sysstat:sysstat:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D9BC25B8-9D00-46D4-AF3D-4ABD53927FC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:sysstat:sysstat:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EB703663-DB5D-4BB9-83DF-CEDC163E0265", "vulnerable": true}, {"criteria": "cpe:2.3:a:sysstat:sysstat:7.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EDD358ED-89BA-472E-A908-C25F81AAA954", "vulnerable": true}, {"criteria": "cpe:2.3:a:sysstat:sysstat:7.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "CA47ADFC-D33C-461B-830A-7B2C448AA263", "vulnerable": true}, {"criteria": "cpe:2.3:a:sysstat:sysstat:7.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "FDF3D513-A79F-453F-9E5E-CB3A043EFEAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:sysstat:sysstat:7.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "793C580B-A8C2-423B-AB3C-5954B00D39DD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code."}, {"lang": "es", "value": "El script init (sysstat.in) en sysstat versiones 5.1.2 hasta 7.1.6, crea de manera no segura el archivo /tmp/sysstat.run, lo que permite a usuarios locales ejecutar c\u00f3digo arbitrario."}], "id": "CVE-2007-3852", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-08-14T18:17:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://osvdb.org/39709"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26527"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2011-1005.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/25380"}, {"source": "secalert@redhat.com", "url": "https://bugs.gentoo.org/show_bug.cgi?id=188808"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36045"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/39709"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26527"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2011-1005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25380"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.gentoo.org/show_bug.cgi?id=188808"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36045"}], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [{"comment": "This issue did not affect the versions of sysstat as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.\n\nFor Red Hat Enterprise Linux 5, Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251200\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.", "lastModified": "2008-05-12T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2011:1005", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "sysstat-0:7.0.2-11.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2011-07-21T00:00:00Z"}], "bugzilla": {"description": "sysstat insecure temporary file usage", "id": "251200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=251200"}, "csaw": false, "cvss": {"cvss_base_score": "1.9", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "status": "verified"}, "cwe": "CWE-377", "details": ["The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code."], "name": "CVE-2007-3852", "public_date": "2007-08-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2007-3852\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-3852"], "statement": "This issue did not affect the versions of sysstat as shipped with Red Hat Enterprise Linux 4. This issue has been addressed in Red Hat Enterprise Linux 5 via RHSA-2011:1005 advisory.", "threat_severity": "Low"}