cvelistv5 - cve-2007-3852

CVE-2007-3852 (GCVE-0-2007-3852)

Vulnerability from cvelistv5 – Published: 2007-08-14 18:00 – Updated: 2024-08-07 14:28

Summary

The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

FKIE_CVE-2007-3852

Vulnerability from fkie_nvd - Published: 2007-08-14 18:17 - Updated: 2025-04-09 00:30

Severity ?

Summary

The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.

References

URL	Tags
secalert@redhat.com	http://osvdb.org/39709
secalert@redhat.com	http://secunia.com/advisories/26527	Vendor Advisory
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2011-1005.html	Vendor Advisory
secalert@redhat.com	http://www.securityfocus.com/bid/25380
secalert@redhat.com	https://bugs.gentoo.org/show_bug.cgi?id=188808
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/36045
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/39709
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26527	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2011-1005.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/25380
af854a3a-2127-422b-91ae-364da2661108	https://bugs.gentoo.org/show_bug.cgi?id=188808
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/36045

Impacted products

Vendor	Product	Version
sysstat	sysstat	5.1.2
sysstat	sysstat	5.1.3
sysstat	sysstat	5.1.4
sysstat	sysstat	5.1.5
sysstat	sysstat	6.0.0
sysstat	sysstat	6.0.1
sysstat	sysstat	6.0.2
sysstat	sysstat	6.0.3
sysstat	sysstat	6.0.4
sysstat	sysstat	6.0.5
sysstat	sysstat	7.0.0
sysstat	sysstat	7.0.1
sysstat	sysstat	7.0.2
sysstat	sysstat	7.0.3
sysstat	sysstat	7.0.4
sysstat	sysstat	7.1.1
sysstat	sysstat	7.1.2
sysstat	sysstat	7.1.3
sysstat	sysstat	7.1.4
sysstat	sysstat	7.1.5
sysstat	sysstat	7.1.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "32CD4705-19AC-4206-9BEF-B3AA990454F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7F70CFB-2ADC-4200-8FD0-182FA66AAA2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4340FE60-FEF1-4963-8815-D70C2B1E3200",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDFB9169-E45A-4EBA-9886-85F62F57402E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "14D823DF-8E61-4BA5-B9B6-8DBADFDDF4ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA29CC09-F246-479C-85A6-082E7DBD825B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1A318D2-675D-46E8-A0A0-F4CFA531F5B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "55EF88AF-E44D-42FB-B4C9-3B88A6FC0B11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD4F2BD8-ED83-4B53-8E97-84BAA1CEA911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3FC0732-FAB9-4DED-94A7-EF605162834B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D4F62C9-7935-4B09-9279-1026F4E109DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CB8D001-6219-44BB-A71C-440F52A3430A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD6BEB86-118F-40AB-BABA-AC26B8FBA30F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BD7CD22-7CD3-4829-8BF9-5375A562A039",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:7.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A4D6E46-2281-4A6B-A1C2-048352A7C1BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9BC25B8-9D00-46D4-AF3D-4ABD53927FC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB703663-DB5D-4BB9-83DF-CEDC163E0265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:7.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDD358ED-89BA-472E-A908-C25F81AAA954",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:7.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA47ADFC-D33C-461B-830A-7B2C448AA263",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:7.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDF3D513-A79F-453F-9E5E-CB3A043EFEAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sysstat:sysstat:7.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "793C580B-A8C2-423B-AB3C-5954B00D39DD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code."
    },
    {
      "lang": "es",
      "value": "El script init (sysstat.in) en sysstat versiones 5.1.2 hasta 7.1.6, crea de manera no segura el archivo /tmp/sysstat.run, lo que permite a usuarios locales ejecutar c\u00f3digo arbitrario."
    }
  ],
  "id": "CVE-2007-3852",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-08-14T18:17:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/39709"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26527"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1005.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/25380"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.gentoo.org/show_bug.cgi?id=188808"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36045"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/39709"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26527"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25380"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.gentoo.org/show_bug.cgi?id=188808"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36045"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vendorComments": [
    {
      "comment": "This issue did not affect the versions of sysstat as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.\n\nFor Red Hat Enterprise Linux 5, Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251200\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.",
      "lastModified": "2008-05-12T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2007-3852

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.

Aliases

CVE-2007-3852

Aliases

CVE-2007-3852

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-3852",
    "description": "The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.",
    "id": "GSD-2007-3852",
    "references": [
      "https://www.suse.com/security/cve/CVE-2007-3852.html",
      "https://access.redhat.com/errata/RHSA-2011:1005",
      "https://linux.oracle.com/cve/CVE-2007-3852.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-3852"
      ],
      "details": "The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.",
      "id": "GSD-2007-3852",
      "modified": "2023-12-13T01:21:41.788409Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2007-3852",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://osvdb.org/39709",
            "refsource": "MISC",
            "url": "http://osvdb.org/39709"
          },
          {
            "name": "http://secunia.com/advisories/26527",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/26527"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2011-1005.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1005.html"
          },
          {
            "name": "http://www.securityfocus.com/bid/25380",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/25380"
          },
          {
            "name": "https://bugs.gentoo.org/show_bug.cgi?id=188808",
            "refsource": "MISC",
            "url": "https://bugs.gentoo.org/show_bug.cgi?id=188808"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36045",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36045"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sysstat:sysstat:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sysstat:sysstat:7.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sysstat:sysstat:7.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sysstat:sysstat:7.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sysstat:sysstat:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sysstat:sysstat:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sysstat:sysstat:5.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sysstat:sysstat:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sysstat:sysstat:5.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sysstat:sysstat:6.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sysstat:sysstat:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sysstat:sysstat:6.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sysstat:sysstat:5.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sysstat:sysstat:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sysstat:sysstat:7.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sysstat:sysstat:7.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sysstat:sysstat:7.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sysstat:sysstat:6.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sysstat:sysstat:7.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sysstat:sysstat:5.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sysstat:sysstat:7.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2007-3852"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.gentoo.org/show_bug.cgi?id=188808",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugs.gentoo.org/show_bug.cgi?id=188808"
            },
            {
              "name": "25380",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/25380"
            },
            {
              "name": "26527",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26527"
            },
            {
              "name": "39709",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/39709"
            },
            {
              "name": "RHSA-2011:1005",
              "refsource": "REDHAT",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1005.html"
            },
            {
              "name": "sysstat-init-privilege-escalation(36045)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36045"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-02-13T02:18Z",
      "publishedDate": "2007-08-14T18:17Z"
    }
  }
}

RHSA-2011:1005

Vulnerability from csaf_redhat - Published: 2011-07-21 09:22 - Updated: 2025-11-21 17:38

Summary

Red Hat Security Advisory: sysstat security, bug fix, and enhancement update

Notes

Topic

An updated sysstat package that fixes one security issue, various bugs, and adds one enhancement is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Details

The sysstat package contains a set of utilities which enable system monitoring of disks, network, and other I/O activity. It was found that the sysstat initscript created a temporary file in an insecure way. A local attacker could use this flaw to create arbitrary files via a symbolic link attack. (CVE-2007-3852) This update fixes the following bugs: * On systems under heavy load, the sadc utility would sometimes output the following error message if a write() call was unable to write all of the requested input: "Cannot write data to system activity file: Success." In this updated package, the sadc utility tries to write the remaining input, resolving this issue. (BZ#454617) * On the Itanium architecture, the "sar -I" command provided incorrect information about the interrupt statistics of the system. With this update, the "sar -I" command has been disabled for this architecture, preventing this bug. (BZ#468340) * Previously, the "iostat -n" command used invalid data to create statistics for read and write operations. With this update, the data source for these statistics has been fixed, and the iostat utility now returns correct information. (BZ#484439) * The "sar -d" command used to output invalid data about block devices. With this update, the sar utility recognizes disk registration and disk overflow statistics properly, and only correct and relevant data is now displayed. (BZ#517490) * Previously, the sar utility set the maximum number of days to be logged in one month too high. Consequently, data from a month was appended to data from the preceding month. With this update, the maximum number of days has been set to 25, and data from a month now correctly replaces data from the preceding month. (BZ#578929) * In previous versions of the iostat utility, the number of NFS mount points was hard-coded. Consequently, various issues occurred while iostat was running and NFS mount points were mounted or unmounted; certain values in iostat reports overflowed and some mount points were not reported at all. With this update, iostat properly recognizes when an NFS mount point mounts or unmounts, fixing these issues. (BZ#675058, BZ#706095, BZ#694767) * When a device name was longer than 13 characters, the iostat utility printed a redundant new line character, making its output less readable. This bug has been fixed and now, no extra characters are printed if a long device name occurs in iostat output. (BZ#604637) * Previously, if kernel interrupt counters overflowed, the sar utility provided confusing output. This bug has been fixed and the sum of interrupts is now reported correctly. (BZ#622557) * When some processors were disabled on a multi-processor system, the sar utility sometimes failed to provide information about the CPU activity. With this update, the uptime of a single processor is used to compute the statistics, rather than the total uptime of all processors, and this bug no longer occurs. (BZ#630559) * Previously, the mpstat utility wrongly interpreted data about processors in the system. Consequently, it reported a processor that did not exist. This bug has been fixed and non-existent CPUs are no longer reported by mpstat. (BZ#579409) * Previously, there was no easy way to enable the collection of statistics about disks and interrupts. Now, the SADC_OPTIONS variable can be used to set parameters for the sadc utility, fixing this bug. (BZ#598794) * The read_uptime() function failed to close its open file upon exit. A patch has been provided to fix this bug. (BZ#696672) This update also adds the following enhancement: * With this update, the cifsiostat utility has been added to the sysstat package to provide CIFS (Common Internet File System) mount point I/O statistics. (BZ#591530) All sysstat users are advised to upgrade to this updated package, which contains backported patches to correct these issues and add this enhancement.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated sysstat package that fixes one security issue, various bugs, and\nadds one enhancement is now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The sysstat package contains a set of utilities which enable system\nmonitoring of disks, network, and other I/O activity.\n\nIt was found that the sysstat initscript created a temporary file in an\ninsecure way. A local attacker could use this flaw to create arbitrary\nfiles via a symbolic link attack. (CVE-2007-3852)\n\nThis update fixes the following bugs:\n\n* On systems under heavy load, the sadc utility would sometimes output the\nfollowing error message if a write() call was unable to write all of the\nrequested input:\n\n\"Cannot write data to system activity file: Success.\"\n\nIn this updated package, the sadc utility tries to write the remaining\ninput, resolving this issue. (BZ#454617)\n\n* On the Itanium architecture, the \"sar -I\" command provided incorrect\ninformation about the interrupt statistics of the system. With this update,\nthe \"sar -I\" command has been disabled for this architecture, preventing\nthis bug. (BZ#468340)\n\n* Previously, the \"iostat -n\" command used invalid data to create\nstatistics for read and write operations. With this update, the data source\nfor these statistics has been fixed, and the iostat utility now returns\ncorrect information. (BZ#484439)\n\n* The \"sar -d\" command used to output invalid data about block devices.\nWith this update, the sar utility recognizes disk registration and disk\noverflow statistics properly, and only correct and relevant data is now\ndisplayed. (BZ#517490)\n\n* Previously, the sar utility set the maximum number of days to be logged\nin one month too high. Consequently, data from a month was appended to\ndata from the preceding month. With this update, the maximum number of days\nhas been set to 25, and data from a month now correctly replaces data from\nthe preceding month. (BZ#578929)\n\n* In previous versions of the iostat utility, the number of NFS mount\npoints was hard-coded. Consequently, various issues occurred while iostat\nwas running and NFS mount points were mounted or unmounted; certain values\nin iostat reports overflowed and some mount points were not reported at\nall. With this update, iostat properly recognizes when an NFS mount point\nmounts or unmounts, fixing these issues. (BZ#675058, BZ#706095, BZ#694767)\n\n* When a device name was longer than 13 characters, the iostat utility\nprinted a redundant new line character, making its output less readable.\nThis bug has been fixed and now, no extra characters are printed if a long\ndevice name occurs in iostat output. (BZ#604637)\n\n* Previously, if kernel interrupt counters overflowed, the sar utility\nprovided confusing output. This bug has been fixed and the sum of\ninterrupts is now reported correctly. (BZ#622557)\n\n* When some processors were disabled on a multi-processor system, the sar\nutility sometimes failed to provide information about the CPU activity.\nWith this update, the uptime of a single processor is used to compute the\nstatistics, rather than the total uptime of all processors, and this bug no\nlonger occurs. (BZ#630559)\n\n* Previously, the mpstat utility wrongly interpreted data about processors\nin the system. Consequently, it reported a processor that did not exist.\nThis bug has been fixed and non-existent CPUs are no longer reported by\nmpstat. (BZ#579409)\n\n* Previously, there was no easy way to enable the collection of statistics\nabout disks and interrupts. Now, the SADC_OPTIONS variable can be used to\nset parameters for the sadc utility, fixing this bug. (BZ#598794)\n\n* The read_uptime() function failed to close its open file upon exit. A\npatch has been provided to fix this bug. (BZ#696672)\n\nThis update also adds the following enhancement:\n\n* With this update, the cifsiostat utility has been added to the sysstat\npackage to provide CIFS (Common Internet File System) mount point I/O\nstatistics. (BZ#591530)\n\nAll sysstat users are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues and add this\nenhancement.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2011:1005",
        "url": "https://access.redhat.com/errata/RHSA-2011:1005"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#low",
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "251200",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=251200"
      },
      {
        "category": "external",
        "summary": "454617",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454617"
      },
      {
        "category": "external",
        "summary": "484439",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=484439"
      },
      {
        "category": "external",
        "summary": "517490",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=517490"
      },
      {
        "category": "external",
        "summary": "578929",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578929"
      },
      {
        "category": "external",
        "summary": "579409",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=579409"
      },
      {
        "category": "external",
        "summary": "598794",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598794"
      },
      {
        "category": "external",
        "summary": "604637",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=604637"
      },
      {
        "category": "external",
        "summary": "622557",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=622557"
      },
      {
        "category": "external",
        "summary": "630559",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630559"
      },
      {
        "category": "external",
        "summary": "675058",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675058"
      },
      {
        "category": "external",
        "summary": "694767",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694767"
      },
      {
        "category": "external",
        "summary": "696672",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696672"
      },
      {
        "category": "external",
        "summary": "706095",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=706095"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_1005.json"
      }
    ],
    "title": "Red Hat Security Advisory: sysstat security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2025-11-21T17:38:34+00:00",
      "generator": {
        "date": "2025-11-21T17:38:34+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2011:1005",
      "initial_release_date": "2011-07-21T09:22:00+00:00",
      "revision_history": [
        {
          "date": "2011-07-21T09:22:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2011-07-21T06:39:28+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:38:34+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                  "product_id": "5Client",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux (v. 5 server)",
                  "product_id": "5Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sysstat-0:7.0.2-11.el5.src",
                "product": {
                  "name": "sysstat-0:7.0.2-11.el5.src",
                  "product_id": "sysstat-0:7.0.2-11.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sysstat@7.0.2-11.el5?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sysstat-0:7.0.2-11.el5.x86_64",
                "product": {
                  "name": "sysstat-0:7.0.2-11.el5.x86_64",
                  "product_id": "sysstat-0:7.0.2-11.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sysstat@7.0.2-11.el5?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sysstat-debuginfo-0:7.0.2-11.el5.x86_64",
                "product": {
                  "name": "sysstat-debuginfo-0:7.0.2-11.el5.x86_64",
                  "product_id": "sysstat-debuginfo-0:7.0.2-11.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sysstat-debuginfo@7.0.2-11.el5?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sysstat-0:7.0.2-11.el5.i386",
                "product": {
                  "name": "sysstat-0:7.0.2-11.el5.i386",
                  "product_id": "sysstat-0:7.0.2-11.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sysstat@7.0.2-11.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sysstat-debuginfo-0:7.0.2-11.el5.i386",
                "product": {
                  "name": "sysstat-debuginfo-0:7.0.2-11.el5.i386",
                  "product_id": "sysstat-debuginfo-0:7.0.2-11.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sysstat-debuginfo@7.0.2-11.el5?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sysstat-0:7.0.2-11.el5.ia64",
                "product": {
                  "name": "sysstat-0:7.0.2-11.el5.ia64",
                  "product_id": "sysstat-0:7.0.2-11.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sysstat@7.0.2-11.el5?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sysstat-debuginfo-0:7.0.2-11.el5.ia64",
                "product": {
                  "name": "sysstat-debuginfo-0:7.0.2-11.el5.ia64",
                  "product_id": "sysstat-debuginfo-0:7.0.2-11.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sysstat-debuginfo@7.0.2-11.el5?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sysstat-0:7.0.2-11.el5.ppc",
                "product": {
                  "name": "sysstat-0:7.0.2-11.el5.ppc",
                  "product_id": "sysstat-0:7.0.2-11.el5.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sysstat@7.0.2-11.el5?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sysstat-debuginfo-0:7.0.2-11.el5.ppc",
                "product": {
                  "name": "sysstat-debuginfo-0:7.0.2-11.el5.ppc",
                  "product_id": "sysstat-debuginfo-0:7.0.2-11.el5.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sysstat-debuginfo@7.0.2-11.el5?arch=ppc"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sysstat-0:7.0.2-11.el5.s390x",
                "product": {
                  "name": "sysstat-0:7.0.2-11.el5.s390x",
                  "product_id": "sysstat-0:7.0.2-11.el5.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sysstat@7.0.2-11.el5?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sysstat-debuginfo-0:7.0.2-11.el5.s390x",
                "product": {
                  "name": "sysstat-debuginfo-0:7.0.2-11.el5.s390x",
                  "product_id": "sysstat-debuginfo-0:7.0.2-11.el5.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sysstat-debuginfo@7.0.2-11.el5?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-0:7.0.2-11.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sysstat-0:7.0.2-11.el5.i386"
        },
        "product_reference": "sysstat-0:7.0.2-11.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-0:7.0.2-11.el5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sysstat-0:7.0.2-11.el5.ia64"
        },
        "product_reference": "sysstat-0:7.0.2-11.el5.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-0:7.0.2-11.el5.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sysstat-0:7.0.2-11.el5.ppc"
        },
        "product_reference": "sysstat-0:7.0.2-11.el5.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-0:7.0.2-11.el5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sysstat-0:7.0.2-11.el5.s390x"
        },
        "product_reference": "sysstat-0:7.0.2-11.el5.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-0:7.0.2-11.el5.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sysstat-0:7.0.2-11.el5.src"
        },
        "product_reference": "sysstat-0:7.0.2-11.el5.src",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-0:7.0.2-11.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sysstat-0:7.0.2-11.el5.x86_64"
        },
        "product_reference": "sysstat-0:7.0.2-11.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-debuginfo-0:7.0.2-11.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sysstat-debuginfo-0:7.0.2-11.el5.i386"
        },
        "product_reference": "sysstat-debuginfo-0:7.0.2-11.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-debuginfo-0:7.0.2-11.el5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sysstat-debuginfo-0:7.0.2-11.el5.ia64"
        },
        "product_reference": "sysstat-debuginfo-0:7.0.2-11.el5.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-debuginfo-0:7.0.2-11.el5.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sysstat-debuginfo-0:7.0.2-11.el5.ppc"
        },
        "product_reference": "sysstat-debuginfo-0:7.0.2-11.el5.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-debuginfo-0:7.0.2-11.el5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sysstat-debuginfo-0:7.0.2-11.el5.s390x"
        },
        "product_reference": "sysstat-debuginfo-0:7.0.2-11.el5.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-debuginfo-0:7.0.2-11.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sysstat-debuginfo-0:7.0.2-11.el5.x86_64"
        },
        "product_reference": "sysstat-debuginfo-0:7.0.2-11.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-0:7.0.2-11.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sysstat-0:7.0.2-11.el5.i386"
        },
        "product_reference": "sysstat-0:7.0.2-11.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-0:7.0.2-11.el5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sysstat-0:7.0.2-11.el5.ia64"
        },
        "product_reference": "sysstat-0:7.0.2-11.el5.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-0:7.0.2-11.el5.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sysstat-0:7.0.2-11.el5.ppc"
        },
        "product_reference": "sysstat-0:7.0.2-11.el5.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-0:7.0.2-11.el5.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sysstat-0:7.0.2-11.el5.s390x"
        },
        "product_reference": "sysstat-0:7.0.2-11.el5.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-0:7.0.2-11.el5.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sysstat-0:7.0.2-11.el5.src"
        },
        "product_reference": "sysstat-0:7.0.2-11.el5.src",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-0:7.0.2-11.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sysstat-0:7.0.2-11.el5.x86_64"
        },
        "product_reference": "sysstat-0:7.0.2-11.el5.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-debuginfo-0:7.0.2-11.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sysstat-debuginfo-0:7.0.2-11.el5.i386"
        },
        "product_reference": "sysstat-debuginfo-0:7.0.2-11.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-debuginfo-0:7.0.2-11.el5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sysstat-debuginfo-0:7.0.2-11.el5.ia64"
        },
        "product_reference": "sysstat-debuginfo-0:7.0.2-11.el5.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-debuginfo-0:7.0.2-11.el5.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sysstat-debuginfo-0:7.0.2-11.el5.ppc"
        },
        "product_reference": "sysstat-debuginfo-0:7.0.2-11.el5.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-debuginfo-0:7.0.2-11.el5.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sysstat-debuginfo-0:7.0.2-11.el5.s390x"
        },
        "product_reference": "sysstat-debuginfo-0:7.0.2-11.el5.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-debuginfo-0:7.0.2-11.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sysstat-debuginfo-0:7.0.2-11.el5.x86_64"
        },
        "product_reference": "sysstat-debuginfo-0:7.0.2-11.el5.x86_64",
        "relates_to_product_reference": "5Server"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-3852",
      "cwe": {
        "id": "CWE-377",
        "name": "Insecure Temporary File"
      },
      "discovery_date": "2007-08-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "251200"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "sysstat insecure temporary file usage",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect the versions of sysstat as shipped with Red Hat Enterprise Linux 4. This issue has been addressed in Red Hat Enterprise Linux 5 via RHSA-2011:1005 advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:sysstat-0:7.0.2-11.el5.i386",
          "5Client:sysstat-0:7.0.2-11.el5.ia64",
          "5Client:sysstat-0:7.0.2-11.el5.ppc",
          "5Client:sysstat-0:7.0.2-11.el5.s390x",
          "5Client:sysstat-0:7.0.2-11.el5.src",
          "5Client:sysstat-0:7.0.2-11.el5.x86_64",
          "5Client:sysstat-debuginfo-0:7.0.2-11.el5.i386",
          "5Client:sysstat-debuginfo-0:7.0.2-11.el5.ia64",
          "5Client:sysstat-debuginfo-0:7.0.2-11.el5.ppc",
          "5Client:sysstat-debuginfo-0:7.0.2-11.el5.s390x",
          "5Client:sysstat-debuginfo-0:7.0.2-11.el5.x86_64",
          "5Server:sysstat-0:7.0.2-11.el5.i386",
          "5Server:sysstat-0:7.0.2-11.el5.ia64",
          "5Server:sysstat-0:7.0.2-11.el5.ppc",
          "5Server:sysstat-0:7.0.2-11.el5.s390x",
          "5Server:sysstat-0:7.0.2-11.el5.src",
          "5Server:sysstat-0:7.0.2-11.el5.x86_64",
          "5Server:sysstat-debuginfo-0:7.0.2-11.el5.i386",
          "5Server:sysstat-debuginfo-0:7.0.2-11.el5.ia64",
          "5Server:sysstat-debuginfo-0:7.0.2-11.el5.ppc",
          "5Server:sysstat-debuginfo-0:7.0.2-11.el5.s390x",
          "5Server:sysstat-debuginfo-0:7.0.2-11.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3852"
        },
        {
          "category": "external",
          "summary": "RHBZ#251200",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=251200"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3852",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3852"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3852",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3852"
        }
      ],
      "release_date": "2007-08-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2011-07-21T09:22:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259",
          "product_ids": [
            "5Client:sysstat-0:7.0.2-11.el5.i386",
            "5Client:sysstat-0:7.0.2-11.el5.ia64",
            "5Client:sysstat-0:7.0.2-11.el5.ppc",
            "5Client:sysstat-0:7.0.2-11.el5.s390x",
            "5Client:sysstat-0:7.0.2-11.el5.src",
            "5Client:sysstat-0:7.0.2-11.el5.x86_64",
            "5Client:sysstat-debuginfo-0:7.0.2-11.el5.i386",
            "5Client:sysstat-debuginfo-0:7.0.2-11.el5.ia64",
            "5Client:sysstat-debuginfo-0:7.0.2-11.el5.ppc",
            "5Client:sysstat-debuginfo-0:7.0.2-11.el5.s390x",
            "5Client:sysstat-debuginfo-0:7.0.2-11.el5.x86_64",
            "5Server:sysstat-0:7.0.2-11.el5.i386",
            "5Server:sysstat-0:7.0.2-11.el5.ia64",
            "5Server:sysstat-0:7.0.2-11.el5.ppc",
            "5Server:sysstat-0:7.0.2-11.el5.s390x",
            "5Server:sysstat-0:7.0.2-11.el5.src",
            "5Server:sysstat-0:7.0.2-11.el5.x86_64",
            "5Server:sysstat-debuginfo-0:7.0.2-11.el5.i386",
            "5Server:sysstat-debuginfo-0:7.0.2-11.el5.ia64",
            "5Server:sysstat-debuginfo-0:7.0.2-11.el5.ppc",
            "5Server:sysstat-debuginfo-0:7.0.2-11.el5.s390x",
            "5Server:sysstat-debuginfo-0:7.0.2-11.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2011:1005"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "5Client:sysstat-0:7.0.2-11.el5.i386",
            "5Client:sysstat-0:7.0.2-11.el5.ia64",
            "5Client:sysstat-0:7.0.2-11.el5.ppc",
            "5Client:sysstat-0:7.0.2-11.el5.s390x",
            "5Client:sysstat-0:7.0.2-11.el5.src",
            "5Client:sysstat-0:7.0.2-11.el5.x86_64",
            "5Client:sysstat-debuginfo-0:7.0.2-11.el5.i386",
            "5Client:sysstat-debuginfo-0:7.0.2-11.el5.ia64",
            "5Client:sysstat-debuginfo-0:7.0.2-11.el5.ppc",
            "5Client:sysstat-debuginfo-0:7.0.2-11.el5.s390x",
            "5Client:sysstat-debuginfo-0:7.0.2-11.el5.x86_64",
            "5Server:sysstat-0:7.0.2-11.el5.i386",
            "5Server:sysstat-0:7.0.2-11.el5.ia64",
            "5Server:sysstat-0:7.0.2-11.el5.ppc",
            "5Server:sysstat-0:7.0.2-11.el5.s390x",
            "5Server:sysstat-0:7.0.2-11.el5.src",
            "5Server:sysstat-0:7.0.2-11.el5.x86_64",
            "5Server:sysstat-debuginfo-0:7.0.2-11.el5.i386",
            "5Server:sysstat-debuginfo-0:7.0.2-11.el5.ia64",
            "5Server:sysstat-debuginfo-0:7.0.2-11.el5.ppc",
            "5Server:sysstat-debuginfo-0:7.0.2-11.el5.s390x",
            "5Server:sysstat-debuginfo-0:7.0.2-11.el5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "sysstat insecure temporary file usage"
    }
  ]
}

RHSA-2011_1005

Vulnerability from csaf_redhat - Published: 2011-07-21 09:22 - Updated: 2024-11-22 04:16

Summary

Red Hat Security Advisory: sysstat security, bug fix, and enhancement update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated sysstat package that fixes one security issue, various bugs, and\nadds one enhancement is now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The sysstat package contains a set of utilities which enable system\nmonitoring of disks, network, and other I/O activity.\n\nIt was found that the sysstat initscript created a temporary file in an\ninsecure way. A local attacker could use this flaw to create arbitrary\nfiles via a symbolic link attack. (CVE-2007-3852)\n\nThis update fixes the following bugs:\n\n* On systems under heavy load, the sadc utility would sometimes output the\nfollowing error message if a write() call was unable to write all of the\nrequested input:\n\n\"Cannot write data to system activity file: Success.\"\n\nIn this updated package, the sadc utility tries to write the remaining\ninput, resolving this issue. (BZ#454617)\n\n* On the Itanium architecture, the \"sar -I\" command provided incorrect\ninformation about the interrupt statistics of the system. With this update,\nthe \"sar -I\" command has been disabled for this architecture, preventing\nthis bug. (BZ#468340)\n\n* Previously, the \"iostat -n\" command used invalid data to create\nstatistics for read and write operations. With this update, the data source\nfor these statistics has been fixed, and the iostat utility now returns\ncorrect information. (BZ#484439)\n\n* The \"sar -d\" command used to output invalid data about block devices.\nWith this update, the sar utility recognizes disk registration and disk\noverflow statistics properly, and only correct and relevant data is now\ndisplayed. (BZ#517490)\n\n* Previously, the sar utility set the maximum number of days to be logged\nin one month too high. Consequently, data from a month was appended to\ndata from the preceding month. With this update, the maximum number of days\nhas been set to 25, and data from a month now correctly replaces data from\nthe preceding month. (BZ#578929)\n\n* In previous versions of the iostat utility, the number of NFS mount\npoints was hard-coded. Consequently, various issues occurred while iostat\nwas running and NFS mount points were mounted or unmounted; certain values\nin iostat reports overflowed and some mount points were not reported at\nall. With this update, iostat properly recognizes when an NFS mount point\nmounts or unmounts, fixing these issues. (BZ#675058, BZ#706095, BZ#694767)\n\n* When a device name was longer than 13 characters, the iostat utility\nprinted a redundant new line character, making its output less readable.\nThis bug has been fixed and now, no extra characters are printed if a long\ndevice name occurs in iostat output. (BZ#604637)\n\n* Previously, if kernel interrupt counters overflowed, the sar utility\nprovided confusing output. This bug has been fixed and the sum of\ninterrupts is now reported correctly. (BZ#622557)\n\n* When some processors were disabled on a multi-processor system, the sar\nutility sometimes failed to provide information about the CPU activity.\nWith this update, the uptime of a single processor is used to compute the\nstatistics, rather than the total uptime of all processors, and this bug no\nlonger occurs. (BZ#630559)\n\n* Previously, the mpstat utility wrongly interpreted data about processors\nin the system. Consequently, it reported a processor that did not exist.\nThis bug has been fixed and non-existent CPUs are no longer reported by\nmpstat. (BZ#579409)\n\n* Previously, there was no easy way to enable the collection of statistics\nabout disks and interrupts. Now, the SADC_OPTIONS variable can be used to\nset parameters for the sadc utility, fixing this bug. (BZ#598794)\n\n* The read_uptime() function failed to close its open file upon exit. A\npatch has been provided to fix this bug. (BZ#696672)\n\nThis update also adds the following enhancement:\n\n* With this update, the cifsiostat utility has been added to the sysstat\npackage to provide CIFS (Common Internet File System) mount point I/O\nstatistics. (BZ#591530)\n\nAll sysstat users are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues and add this\nenhancement.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2011:1005",
        "url": "https://access.redhat.com/errata/RHSA-2011:1005"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#low",
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "251200",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=251200"
      },
      {
        "category": "external",
        "summary": "454617",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454617"
      },
      {
        "category": "external",
        "summary": "484439",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=484439"
      },
      {
        "category": "external",
        "summary": "517490",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=517490"
      },
      {
        "category": "external",
        "summary": "578929",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578929"
      },
      {
        "category": "external",
        "summary": "579409",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=579409"
      },
      {
        "category": "external",
        "summary": "598794",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598794"
      },
      {
        "category": "external",
        "summary": "604637",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=604637"
      },
      {
        "category": "external",
        "summary": "622557",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=622557"
      },
      {
        "category": "external",
        "summary": "630559",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630559"
      },
      {
        "category": "external",
        "summary": "675058",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675058"
      },
      {
        "category": "external",
        "summary": "694767",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694767"
      },
      {
        "category": "external",
        "summary": "696672",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696672"
      },
      {
        "category": "external",
        "summary": "706095",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=706095"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_1005.json"
      }
    ],
    "title": "Red Hat Security Advisory: sysstat security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2024-11-22T04:16:59+00:00",
      "generator": {
        "date": "2024-11-22T04:16:59+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2011:1005",
      "initial_release_date": "2011-07-21T09:22:00+00:00",
      "revision_history": [
        {
          "date": "2011-07-21T09:22:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2011-07-21T06:39:28+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T04:16:59+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                  "product_id": "5Client",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux (v. 5 server)",
                  "product_id": "5Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sysstat-0:7.0.2-11.el5.src",
                "product": {
                  "name": "sysstat-0:7.0.2-11.el5.src",
                  "product_id": "sysstat-0:7.0.2-11.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sysstat@7.0.2-11.el5?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sysstat-0:7.0.2-11.el5.x86_64",
                "product": {
                  "name": "sysstat-0:7.0.2-11.el5.x86_64",
                  "product_id": "sysstat-0:7.0.2-11.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sysstat@7.0.2-11.el5?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sysstat-debuginfo-0:7.0.2-11.el5.x86_64",
                "product": {
                  "name": "sysstat-debuginfo-0:7.0.2-11.el5.x86_64",
                  "product_id": "sysstat-debuginfo-0:7.0.2-11.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sysstat-debuginfo@7.0.2-11.el5?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sysstat-0:7.0.2-11.el5.i386",
                "product": {
                  "name": "sysstat-0:7.0.2-11.el5.i386",
                  "product_id": "sysstat-0:7.0.2-11.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sysstat@7.0.2-11.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sysstat-debuginfo-0:7.0.2-11.el5.i386",
                "product": {
                  "name": "sysstat-debuginfo-0:7.0.2-11.el5.i386",
                  "product_id": "sysstat-debuginfo-0:7.0.2-11.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sysstat-debuginfo@7.0.2-11.el5?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sysstat-0:7.0.2-11.el5.ia64",
                "product": {
                  "name": "sysstat-0:7.0.2-11.el5.ia64",
                  "product_id": "sysstat-0:7.0.2-11.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sysstat@7.0.2-11.el5?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sysstat-debuginfo-0:7.0.2-11.el5.ia64",
                "product": {
                  "name": "sysstat-debuginfo-0:7.0.2-11.el5.ia64",
                  "product_id": "sysstat-debuginfo-0:7.0.2-11.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sysstat-debuginfo@7.0.2-11.el5?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sysstat-0:7.0.2-11.el5.ppc",
                "product": {
                  "name": "sysstat-0:7.0.2-11.el5.ppc",
                  "product_id": "sysstat-0:7.0.2-11.el5.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sysstat@7.0.2-11.el5?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sysstat-debuginfo-0:7.0.2-11.el5.ppc",
                "product": {
                  "name": "sysstat-debuginfo-0:7.0.2-11.el5.ppc",
                  "product_id": "sysstat-debuginfo-0:7.0.2-11.el5.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sysstat-debuginfo@7.0.2-11.el5?arch=ppc"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sysstat-0:7.0.2-11.el5.s390x",
                "product": {
                  "name": "sysstat-0:7.0.2-11.el5.s390x",
                  "product_id": "sysstat-0:7.0.2-11.el5.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sysstat@7.0.2-11.el5?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sysstat-debuginfo-0:7.0.2-11.el5.s390x",
                "product": {
                  "name": "sysstat-debuginfo-0:7.0.2-11.el5.s390x",
                  "product_id": "sysstat-debuginfo-0:7.0.2-11.el5.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sysstat-debuginfo@7.0.2-11.el5?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-0:7.0.2-11.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sysstat-0:7.0.2-11.el5.i386"
        },
        "product_reference": "sysstat-0:7.0.2-11.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-0:7.0.2-11.el5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sysstat-0:7.0.2-11.el5.ia64"
        },
        "product_reference": "sysstat-0:7.0.2-11.el5.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-0:7.0.2-11.el5.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sysstat-0:7.0.2-11.el5.ppc"
        },
        "product_reference": "sysstat-0:7.0.2-11.el5.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-0:7.0.2-11.el5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sysstat-0:7.0.2-11.el5.s390x"
        },
        "product_reference": "sysstat-0:7.0.2-11.el5.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-0:7.0.2-11.el5.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sysstat-0:7.0.2-11.el5.src"
        },
        "product_reference": "sysstat-0:7.0.2-11.el5.src",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-0:7.0.2-11.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sysstat-0:7.0.2-11.el5.x86_64"
        },
        "product_reference": "sysstat-0:7.0.2-11.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-debuginfo-0:7.0.2-11.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sysstat-debuginfo-0:7.0.2-11.el5.i386"
        },
        "product_reference": "sysstat-debuginfo-0:7.0.2-11.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-debuginfo-0:7.0.2-11.el5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sysstat-debuginfo-0:7.0.2-11.el5.ia64"
        },
        "product_reference": "sysstat-debuginfo-0:7.0.2-11.el5.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-debuginfo-0:7.0.2-11.el5.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sysstat-debuginfo-0:7.0.2-11.el5.ppc"
        },
        "product_reference": "sysstat-debuginfo-0:7.0.2-11.el5.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-debuginfo-0:7.0.2-11.el5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sysstat-debuginfo-0:7.0.2-11.el5.s390x"
        },
        "product_reference": "sysstat-debuginfo-0:7.0.2-11.el5.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-debuginfo-0:7.0.2-11.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sysstat-debuginfo-0:7.0.2-11.el5.x86_64"
        },
        "product_reference": "sysstat-debuginfo-0:7.0.2-11.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-0:7.0.2-11.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sysstat-0:7.0.2-11.el5.i386"
        },
        "product_reference": "sysstat-0:7.0.2-11.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-0:7.0.2-11.el5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sysstat-0:7.0.2-11.el5.ia64"
        },
        "product_reference": "sysstat-0:7.0.2-11.el5.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-0:7.0.2-11.el5.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sysstat-0:7.0.2-11.el5.ppc"
        },
        "product_reference": "sysstat-0:7.0.2-11.el5.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-0:7.0.2-11.el5.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sysstat-0:7.0.2-11.el5.s390x"
        },
        "product_reference": "sysstat-0:7.0.2-11.el5.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-0:7.0.2-11.el5.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sysstat-0:7.0.2-11.el5.src"
        },
        "product_reference": "sysstat-0:7.0.2-11.el5.src",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-0:7.0.2-11.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sysstat-0:7.0.2-11.el5.x86_64"
        },
        "product_reference": "sysstat-0:7.0.2-11.el5.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-debuginfo-0:7.0.2-11.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sysstat-debuginfo-0:7.0.2-11.el5.i386"
        },
        "product_reference": "sysstat-debuginfo-0:7.0.2-11.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-debuginfo-0:7.0.2-11.el5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sysstat-debuginfo-0:7.0.2-11.el5.ia64"
        },
        "product_reference": "sysstat-debuginfo-0:7.0.2-11.el5.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-debuginfo-0:7.0.2-11.el5.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sysstat-debuginfo-0:7.0.2-11.el5.ppc"
        },
        "product_reference": "sysstat-debuginfo-0:7.0.2-11.el5.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-debuginfo-0:7.0.2-11.el5.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sysstat-debuginfo-0:7.0.2-11.el5.s390x"
        },
        "product_reference": "sysstat-debuginfo-0:7.0.2-11.el5.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-debuginfo-0:7.0.2-11.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sysstat-debuginfo-0:7.0.2-11.el5.x86_64"
        },
        "product_reference": "sysstat-debuginfo-0:7.0.2-11.el5.x86_64",
        "relates_to_product_reference": "5Server"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-3852",
      "cwe": {
        "id": "CWE-377",
        "name": "Insecure Temporary File"
      },
      "discovery_date": "2007-08-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "251200"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "sysstat insecure temporary file usage",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect the versions of sysstat as shipped with Red Hat Enterprise Linux 4. This issue has been addressed in Red Hat Enterprise Linux 5 via RHSA-2011:1005 advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:sysstat-0:7.0.2-11.el5.i386",
          "5Client:sysstat-0:7.0.2-11.el5.ia64",
          "5Client:sysstat-0:7.0.2-11.el5.ppc",
          "5Client:sysstat-0:7.0.2-11.el5.s390x",
          "5Client:sysstat-0:7.0.2-11.el5.src",
          "5Client:sysstat-0:7.0.2-11.el5.x86_64",
          "5Client:sysstat-debuginfo-0:7.0.2-11.el5.i386",
          "5Client:sysstat-debuginfo-0:7.0.2-11.el5.ia64",
          "5Client:sysstat-debuginfo-0:7.0.2-11.el5.ppc",
          "5Client:sysstat-debuginfo-0:7.0.2-11.el5.s390x",
          "5Client:sysstat-debuginfo-0:7.0.2-11.el5.x86_64",
          "5Server:sysstat-0:7.0.2-11.el5.i386",
          "5Server:sysstat-0:7.0.2-11.el5.ia64",
          "5Server:sysstat-0:7.0.2-11.el5.ppc",
          "5Server:sysstat-0:7.0.2-11.el5.s390x",
          "5Server:sysstat-0:7.0.2-11.el5.src",
          "5Server:sysstat-0:7.0.2-11.el5.x86_64",
          "5Server:sysstat-debuginfo-0:7.0.2-11.el5.i386",
          "5Server:sysstat-debuginfo-0:7.0.2-11.el5.ia64",
          "5Server:sysstat-debuginfo-0:7.0.2-11.el5.ppc",
          "5Server:sysstat-debuginfo-0:7.0.2-11.el5.s390x",
          "5Server:sysstat-debuginfo-0:7.0.2-11.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3852"
        },
        {
          "category": "external",
          "summary": "RHBZ#251200",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=251200"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3852",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3852"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3852",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3852"
        }
      ],
      "release_date": "2007-08-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2011-07-21T09:22:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259",
          "product_ids": [
            "5Client:sysstat-0:7.0.2-11.el5.i386",
            "5Client:sysstat-0:7.0.2-11.el5.ia64",
            "5Client:sysstat-0:7.0.2-11.el5.ppc",
            "5Client:sysstat-0:7.0.2-11.el5.s390x",
            "5Client:sysstat-0:7.0.2-11.el5.src",
            "5Client:sysstat-0:7.0.2-11.el5.x86_64",
            "5Client:sysstat-debuginfo-0:7.0.2-11.el5.i386",
            "5Client:sysstat-debuginfo-0:7.0.2-11.el5.ia64",
            "5Client:sysstat-debuginfo-0:7.0.2-11.el5.ppc",
            "5Client:sysstat-debuginfo-0:7.0.2-11.el5.s390x",
            "5Client:sysstat-debuginfo-0:7.0.2-11.el5.x86_64",
            "5Server:sysstat-0:7.0.2-11.el5.i386",
            "5Server:sysstat-0:7.0.2-11.el5.ia64",
            "5Server:sysstat-0:7.0.2-11.el5.ppc",
            "5Server:sysstat-0:7.0.2-11.el5.s390x",
            "5Server:sysstat-0:7.0.2-11.el5.src",
            "5Server:sysstat-0:7.0.2-11.el5.x86_64",
            "5Server:sysstat-debuginfo-0:7.0.2-11.el5.i386",
            "5Server:sysstat-debuginfo-0:7.0.2-11.el5.ia64",
            "5Server:sysstat-debuginfo-0:7.0.2-11.el5.ppc",
            "5Server:sysstat-debuginfo-0:7.0.2-11.el5.s390x",
            "5Server:sysstat-debuginfo-0:7.0.2-11.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2011:1005"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "5Client:sysstat-0:7.0.2-11.el5.i386",
            "5Client:sysstat-0:7.0.2-11.el5.ia64",
            "5Client:sysstat-0:7.0.2-11.el5.ppc",
            "5Client:sysstat-0:7.0.2-11.el5.s390x",
            "5Client:sysstat-0:7.0.2-11.el5.src",
            "5Client:sysstat-0:7.0.2-11.el5.x86_64",
            "5Client:sysstat-debuginfo-0:7.0.2-11.el5.i386",
            "5Client:sysstat-debuginfo-0:7.0.2-11.el5.ia64",
            "5Client:sysstat-debuginfo-0:7.0.2-11.el5.ppc",
            "5Client:sysstat-debuginfo-0:7.0.2-11.el5.s390x",
            "5Client:sysstat-debuginfo-0:7.0.2-11.el5.x86_64",
            "5Server:sysstat-0:7.0.2-11.el5.i386",
            "5Server:sysstat-0:7.0.2-11.el5.ia64",
            "5Server:sysstat-0:7.0.2-11.el5.ppc",
            "5Server:sysstat-0:7.0.2-11.el5.s390x",
            "5Server:sysstat-0:7.0.2-11.el5.src",
            "5Server:sysstat-0:7.0.2-11.el5.x86_64",
            "5Server:sysstat-debuginfo-0:7.0.2-11.el5.i386",
            "5Server:sysstat-debuginfo-0:7.0.2-11.el5.ia64",
            "5Server:sysstat-debuginfo-0:7.0.2-11.el5.ppc",
            "5Server:sysstat-debuginfo-0:7.0.2-11.el5.s390x",
            "5Server:sysstat-debuginfo-0:7.0.2-11.el5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "sysstat insecure temporary file usage"
    }
  ]
}

GHSA-R5HC-32F3-WH4R

Vulnerability from github – Published: 2022-05-01 18:17 – Updated: 2022-05-01 18:17

Details

The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-3852"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-08-14T18:17:00Z",
    "severity": "MODERATE"
  },
  "details": "The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.",
  "id": "GHSA-r5hc-32f3-wh4r",
  "modified": "2022-05-01T18:17:49Z",
  "published": "2022-05-01T18:17:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3852"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2011:1005"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2007-3852"
    },
    {
      "type": "WEB",
      "url": "https://bugs.gentoo.org/show_bug.cgi?id=188808"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=251200"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36045"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/39709"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26527"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1005.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/25380"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

OPENSUSE-SU-2024:11419-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

sysstat-12.4.3-3.2 on GA media

Notes

Title of the patch

sysstat-12.4.3-3.2 on GA media

Description of the patch

These are all security issues fixed in the sysstat-12.4.3-3.2 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-11419

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "sysstat-12.4.3-3.2 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the sysstat-12.4.3-3.2 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-11419",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11419-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2007-3852 page",
        "url": "https://www.suse.com/security/cve/CVE-2007-3852/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-19416 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-19416/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-19517 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-19517/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-16167 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-16167/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-19725 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-19725/"
      }
    ],
    "title": "sysstat-12.4.3-3.2 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:11419-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sysstat-12.4.3-3.2.aarch64",
                "product": {
                  "name": "sysstat-12.4.3-3.2.aarch64",
                  "product_id": "sysstat-12.4.3-3.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "sysstat-isag-12.4.3-3.2.aarch64",
                "product": {
                  "name": "sysstat-isag-12.4.3-3.2.aarch64",
                  "product_id": "sysstat-isag-12.4.3-3.2.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sysstat-12.4.3-3.2.ppc64le",
                "product": {
                  "name": "sysstat-12.4.3-3.2.ppc64le",
                  "product_id": "sysstat-12.4.3-3.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "sysstat-isag-12.4.3-3.2.ppc64le",
                "product": {
                  "name": "sysstat-isag-12.4.3-3.2.ppc64le",
                  "product_id": "sysstat-isag-12.4.3-3.2.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sysstat-12.4.3-3.2.s390x",
                "product": {
                  "name": "sysstat-12.4.3-3.2.s390x",
                  "product_id": "sysstat-12.4.3-3.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "sysstat-isag-12.4.3-3.2.s390x",
                "product": {
                  "name": "sysstat-isag-12.4.3-3.2.s390x",
                  "product_id": "sysstat-isag-12.4.3-3.2.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sysstat-12.4.3-3.2.x86_64",
                "product": {
                  "name": "sysstat-12.4.3-3.2.x86_64",
                  "product_id": "sysstat-12.4.3-3.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "sysstat-isag-12.4.3-3.2.x86_64",
                "product": {
                  "name": "sysstat-isag-12.4.3-3.2.x86_64",
                  "product_id": "sysstat-isag-12.4.3-3.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-12.4.3-3.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:sysstat-12.4.3-3.2.aarch64"
        },
        "product_reference": "sysstat-12.4.3-3.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-12.4.3-3.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:sysstat-12.4.3-3.2.ppc64le"
        },
        "product_reference": "sysstat-12.4.3-3.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-12.4.3-3.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:sysstat-12.4.3-3.2.s390x"
        },
        "product_reference": "sysstat-12.4.3-3.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-12.4.3-3.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:sysstat-12.4.3-3.2.x86_64"
        },
        "product_reference": "sysstat-12.4.3-3.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-isag-12.4.3-3.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.aarch64"
        },
        "product_reference": "sysstat-isag-12.4.3-3.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-isag-12.4.3-3.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.ppc64le"
        },
        "product_reference": "sysstat-isag-12.4.3-3.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-isag-12.4.3-3.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.s390x"
        },
        "product_reference": "sysstat-isag-12.4.3-3.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sysstat-isag-12.4.3-3.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.x86_64"
        },
        "product_reference": "sysstat-isag-12.4.3-3.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-3852",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2007-3852"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:sysstat-12.4.3-3.2.aarch64",
          "openSUSE Tumbleweed:sysstat-12.4.3-3.2.ppc64le",
          "openSUSE Tumbleweed:sysstat-12.4.3-3.2.s390x",
          "openSUSE Tumbleweed:sysstat-12.4.3-3.2.x86_64",
          "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.aarch64",
          "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.ppc64le",
          "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.s390x",
          "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2007-3852",
          "url": "https://www.suse.com/security/cve/CVE-2007-3852"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 298308 for CVE-2007-3852",
          "url": "https://bugzilla.suse.com/298308"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.aarch64",
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.ppc64le",
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.s390x",
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.x86_64",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.aarch64",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.ppc64le",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.s390x",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2007-3852"
    },
    {
      "cve": "CVE-2018-19416",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-19416"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memmove call, as demonstrated by sadf.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:sysstat-12.4.3-3.2.aarch64",
          "openSUSE Tumbleweed:sysstat-12.4.3-3.2.ppc64le",
          "openSUSE Tumbleweed:sysstat-12.4.3-3.2.s390x",
          "openSUSE Tumbleweed:sysstat-12.4.3-3.2.x86_64",
          "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.aarch64",
          "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.ppc64le",
          "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.s390x",
          "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-19416",
          "url": "https://www.suse.com/security/cve/CVE-2018-19416"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1117001 for CVE-2018-19416",
          "url": "https://bugzilla.suse.com/1117001"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.aarch64",
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.ppc64le",
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.s390x",
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.x86_64",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.aarch64",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.ppc64le",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.s390x",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.aarch64",
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.ppc64le",
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.s390x",
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.x86_64",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.aarch64",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.ppc64le",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.s390x",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-19416"
    },
    {
      "cve": "CVE-2018-19517",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-19517"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memset call, as demonstrated by sadf.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:sysstat-12.4.3-3.2.aarch64",
          "openSUSE Tumbleweed:sysstat-12.4.3-3.2.ppc64le",
          "openSUSE Tumbleweed:sysstat-12.4.3-3.2.s390x",
          "openSUSE Tumbleweed:sysstat-12.4.3-3.2.x86_64",
          "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.aarch64",
          "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.ppc64le",
          "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.s390x",
          "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-19517",
          "url": "https://www.suse.com/security/cve/CVE-2018-19517"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1117260 for CVE-2018-19517",
          "url": "https://bugzilla.suse.com/1117260"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.aarch64",
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.ppc64le",
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.s390x",
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.x86_64",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.aarch64",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.ppc64le",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.s390x",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.aarch64",
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.ppc64le",
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.s390x",
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.x86_64",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.aarch64",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.ppc64le",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.s390x",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-19517"
    },
    {
      "cve": "CVE-2019-16167",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-16167"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:sysstat-12.4.3-3.2.aarch64",
          "openSUSE Tumbleweed:sysstat-12.4.3-3.2.ppc64le",
          "openSUSE Tumbleweed:sysstat-12.4.3-3.2.s390x",
          "openSUSE Tumbleweed:sysstat-12.4.3-3.2.x86_64",
          "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.aarch64",
          "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.ppc64le",
          "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.s390x",
          "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-16167",
          "url": "https://www.suse.com/security/cve/CVE-2019-16167"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1150114 for CVE-2019-16167",
          "url": "https://bugzilla.suse.com/1150114"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.aarch64",
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.ppc64le",
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.s390x",
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.x86_64",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.aarch64",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.ppc64le",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.s390x",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.aarch64",
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.ppc64le",
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.s390x",
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.x86_64",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.aarch64",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.ppc64le",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.s390x",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2019-16167"
    },
    {
      "cve": "CVE-2019-19725",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-19725"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:sysstat-12.4.3-3.2.aarch64",
          "openSUSE Tumbleweed:sysstat-12.4.3-3.2.ppc64le",
          "openSUSE Tumbleweed:sysstat-12.4.3-3.2.s390x",
          "openSUSE Tumbleweed:sysstat-12.4.3-3.2.x86_64",
          "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.aarch64",
          "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.ppc64le",
          "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.s390x",
          "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-19725",
          "url": "https://www.suse.com/security/cve/CVE-2019-19725"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1159104 for CVE-2019-19725",
          "url": "https://bugzilla.suse.com/1159104"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201108 for CVE-2019-19725",
          "url": "https://bugzilla.suse.com/1201108"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.aarch64",
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.ppc64le",
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.s390x",
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.x86_64",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.aarch64",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.ppc64le",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.s390x",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.aarch64",
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.ppc64le",
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.s390x",
            "openSUSE Tumbleweed:sysstat-12.4.3-3.2.x86_64",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.aarch64",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.ppc64le",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.s390x",
            "openSUSE Tumbleweed:sysstat-isag-12.4.3-3.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-19725"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-3852 (GCVE-0-2007-3852)

FKIE_CVE-2007-3852

GSD-2007-3852

RHSA-2011:1005

RHSA-2011_1005

GHSA-R5HC-32F3-WH4R

OPENSUSE-SU-2024:11419-1

Tags

Sightings

Nomenclature