• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Sysstat Isag Temporary File Creation Vulnerability

Solution:
SGI has released an advisory (20040302-01-U) and fixes to address this issue. Please see the attached advisory for further details on applying and obtaining fixes, fixes are linked below.

Debian has released an advisory (DSA 460-1) and fixes to address this issue. Please see the attached advisory for details on applying and obtaining fixes.

Red Hat has released advisory RHSA-2004:093-01 to address this issue.

Red Hat also released advisory RHSA-2004:053-16 for their enterprise distributions. Please see the attached advisory for details on applying and obtaining fixes.

Trustix Secure Linux has released advisory TSLSA-2004-0011 dealing with this issue. Please see the reference section for more information and details on obtaining fixes.

Debian has released advisory DSA 460-2 as an update to their original advisory (DSA 460-1). They have discovered that the original fixes did not completely resolve the issue. It is strongly recommended that users upgrade who are using the latest fixes.

The vendor has released Sysstat 5.0.2 to address the issue.

Gentoo has released advisory GLSA 200404-04 and fixes for this issue. They advise that users upgrade by taking the following steps at the command line:

# emerge sync
# emerge -pv ">=app-admin/sysstat-5.0.2"
# emerge ">=app-admin/sysstat-5.0.2"

Please see the referenced Gentoo advisory for more information.

SUSE has released an advisory SuSE-SA:2004:009 to address this and other issues. Please see the advisory for more information.


RedHat sysstat-4.0.7-3.i386.rpm

• Red Hat sysstat-4.0.7-4.rhl9.1.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/sysstat-4.0.7-4.rhl9.1.i386.rpm

SGI ProPack 2.3

• SGI patch10058.tar.gz
  ftp://patches.sgi.com/support/free/security/patches/ProPack/2.3/patch1 0058.tar.gz

SGI ProPack 2.4

• SGI patch10059.tar.gz
  ftp://patches.sgi.com/support/free/security/patches/ProPack/2.4/patch1 0059.tar.gz

Sysstat Sysstat 4.0.1

• Debian isag_4.0.4-1woody2_all.deb
  Architecture independant:
  http://security.debian.org/pool/updates/main/s/sysstat/isag_4.0.4-1woo dy2_all.deb


• Debian sysstat_4.0.4-1woody2_alpha.deb
  Alpha architecture:
  http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1 woody2_alpha.deb


• Debian sysstat_4.0.4-1woody2_arm.deb
  ARM architecture:
  http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1 woody2_arm.deb


• Debian sysstat_4.0.4-1woody2_hppa.deb
  HP Precision architecture:
  http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1 woody2_hppa.deb


• Debian sysstat_4.0.4-1woody2_i386.deb
  IA-32 architecture:
  http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1 woody2_i386.deb


• Debian sysstat_4.0.4-1woody2_ia64.deb
  IA-64 architecture:
  http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1 woody2_ia64.deb


• Debian sysstat_4.0.4-1woody2_m68k.deb
  Motorola 680x0 architecture:
  http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1 woody2_m68k.deb


• Debian sysstat_4.0.4-1woody2_mips.deb
  Big Endian MIPS architecture:
  http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1 woody2_mips.deb


• Debian sysstat_4.0.4-1woody2_mipsel.deb
  Little Endian MIPS architecture:
  http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1 woody2_mipsel.deb


• Debian sysstat_4.0.4-1woody2_powerpc.deb
  PowerPC architecture:
  http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1 woody2_powerpc.deb


• Debian sysstat_4.0.4-1woody2_s390.deb
  IBM S/390 architecture:
  http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1 woody2_s390.deb


• Debian sysstat_4.0.4-1woody2_sparc.deb
  Sun Sparc architecture:
  http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1 woody2_sparc.deb


• Sysstat Sysstat 5.0.2
  http://perso.wanadoo.fr/sebastien.godard/download_en.html

Sysstat Sysstat 4.0.7

• Sysstat Sysstat 5.0.2
  http://perso.wanadoo.fr/sebastien.godard/download_en.html

Sysstat Sysstat 4.1.1

• Sysstat Sysstat 5.0.2
  http://perso.wanadoo.fr/sebastien.godard/download_en.html

Sysstat Sysstat 4.1.2

• Sysstat Sysstat 5.0.2
  http://perso.wanadoo.fr/sebastien.godard/download_en.html

Sysstat Sysstat 4.1.3

• Sysstat Sysstat 5.0.2
  http://perso.wanadoo.fr/sebastien.godard/download_en.html

Sysstat Sysstat 4.1.4

• Sysstat Sysstat 5.0.2
  http://perso.wanadoo.fr/sebastien.godard/download_en.html

Sysstat Sysstat 4.1.5

• Sysstat Sysstat 5.0.2
  http://perso.wanadoo.fr/sebastien.godard/download_en.html

Sysstat Sysstat 4.1.6

• Sysstat Sysstat 5.0.2
  http://perso.wanadoo.fr/sebastien.godard/download_en.html

Sysstat Sysstat 4.1.7

• Sysstat Sysstat 5.0.2
  http://perso.wanadoo.fr/sebastien.godard/download_en.html

Sysstat Sysstat 5.0.1

• Sysstat Sysstat 5.0.2
  http://perso.wanadoo.fr/sebastien.godard/download_en.html