Red Hat Local Security Checks : RedHat Security Advisory RHSA-2011:1019

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.69816

Category: Red Hat Local Security Checks

Title: RedHat Security Advisory RHSA-2011:1019

Summary: NOSUMMARY

Description: Description:
The remote host is missing updates announced in
advisory RHSA-2011:1019.

The sysstat package contains a set of utilities which enable system
monitoring of disks, network, and other I/O activity.

It was found that the sysstat initscript created a temporary file in an
insecure way. A local attacker could use this flaw to create arbitrary
files via a symbolic link attack. (CVE-2007-3852)

This update fixes the following bugs:

* On systems under heavy load, the sadc utility would sometimes output the
following error message if a write() call was unable to write all of the
requested input:

Cannot write data to system activity file: Success.

In this updated package, the sadc utility tries to write the remaining
input, resolving this issue. (BZ#454617)

* On the Itanium architecture, the sar -I command provided incorrect
information about the interrupt statistics of the system. With this update,
the sar -I command has been disabled for this architecture, preventing
this bug. (BZ#468340)

* Previously, the iostat -n command used invalid data to create
statistics for read and write operations. With this update, the data source
for these statistics has been fixed, and the iostat utility now returns
correct information. (BZ#484439)

* The sar -d command used to output invalid data about block devices.
With this update, the sar utility recognizes disk registration and disk
overflow statistics properly, and only correct and relevant data is now
displayed. (BZ#517490)

* Previously, the sar utility set the maximum number of days to be logged
in one month too high. Consequently, data from a month was appended to
data from the preceding month. With this update, the maximum number of days
has been set to 25, and data from a month now correctly replaces data from
the preceding month. (BZ#578929)

* In previous versions of the iostat utility, the number of NFS mount
points was hard-coded. Consequently, various issues occurred while iostat
was running and NFS mount points were mounted or unmounted
certain values
in iostat reports overflowed and some mount points were not reported at
all. With this update, iostat properly recognizes when an NFS mount point
mounts or unmounts, fixing these issues. (BZ#675058, BZ#706095, BZ#694767)

* When a device name was longer than 13 characters, the iostat utility
printed a redundant new line character, making its output less readable.
This bug has been fixed and now, no extra characters are printed if a long
device name occurs in iostat output. (BZ#604637)

* Previously, if kernel interrupt counters overflowed, the sar utility
provided confusing output. This bug has been fixed and the sum of
interrupts is now reported correctly. (BZ#622557)

* When some processors were disabled on a multi-processor system, the sar
utility sometimes failed to provide information about the CPU activity.
With this update, the uptime of a single processor is used to compute the
statistics, rather than the total uptime of all processors, and this bug no
longer occurs. (BZ#630559)

* Previously, the mpstat utility wrongly interpreted data about processors
in the system. Consequently, it reported a processor that did not exist.
This bug has been fixed and non-existent CPUs are no longer reported by
mpstat. (BZ#579409)

* Previously, there was no easy way to enable the collection of statistics
about disks and interrupts. Now, the SADC_OPTIONS variable can be used to
set parameters for the sadc utility, fixing this bug. (BZ#598794)

* The read_uptime() function failed to close its open file upon exit. A
patch has been provided to fix this bug. (BZ#696672)

This update also adds the following enhancement:

* With this update, the cifsiostat utility has been added to the sysstat
package to provide CIFS (Common Internet File System) mount point I/O
statistics. (BZ#591530)

All sysstat users are advised to upgrade to this updated package, which
contains backported patches to correct these issues and add this
enhancement.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2011-1019.html

Risk factor : Medium

CVSS Score:
4.4

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-3852
25380
http://www.securityfocus.com/bid/25380
26527
http://secunia.com/advisories/26527
39709
http://osvdb.org/39709
RHSA-2011:1005
http://www.redhat.com/support/errata/RHSA-2011-1005.html
https://bugs.gentoo.org/show_bug.cgi?id=188808
sysstat-init-privilege-escalation(36045)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36045

Copyright Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.69816
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2011:1019
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2011:1019. The sysstat package contains a set of utilities which enable system monitoring of disks, network, and other I/O activity. It was found that the sysstat initscript created a temporary file in an insecure way. A local attacker could use this flaw to create arbitrary files via a symbolic link attack. (CVE-2007-3852) This update fixes the following bugs: * On systems under heavy load, the sadc utility would sometimes output the following error message if a write() call was unable to write all of the requested input: Cannot write data to system activity file: Success. In this updated package, the sadc utility tries to write the remaining input, resolving this issue. (BZ#454617) * On the Itanium architecture, the sar -I command provided incorrect information about the interrupt statistics of the system. With this update, the sar -I command has been disabled for this architecture, preventing this bug. (BZ#468340) * Previously, the iostat -n command used invalid data to create statistics for read and write operations. With this update, the data source for these statistics has been fixed, and the iostat utility now returns correct information. (BZ#484439) * The sar -d command used to output invalid data about block devices. With this update, the sar utility recognizes disk registration and disk overflow statistics properly, and only correct and relevant data is now displayed. (BZ#517490) * Previously, the sar utility set the maximum number of days to be logged in one month too high. Consequently, data from a month was appended to data from the preceding month. With this update, the maximum number of days has been set to 25, and data from a month now correctly replaces data from the preceding month. (BZ#578929) * In previous versions of the iostat utility, the number of NFS mount points was hard-coded. Consequently, various issues occurred while iostat was running and NFS mount points were mounted or unmounted certain values in iostat reports overflowed and some mount points were not reported at all. With this update, iostat properly recognizes when an NFS mount point mounts or unmounts, fixing these issues. (BZ#675058, BZ#706095, BZ#694767) * When a device name was longer than 13 characters, the iostat utility printed a redundant new line character, making its output less readable. This bug has been fixed and now, no extra characters are printed if a long device name occurs in iostat output. (BZ#604637) * Previously, if kernel interrupt counters overflowed, the sar utility provided confusing output. This bug has been fixed and the sum of interrupts is now reported correctly. (BZ#622557) * When some processors were disabled on a multi-processor system, the sar utility sometimes failed to provide information about the CPU activity. With this update, the uptime of a single processor is used to compute the statistics, rather than the total uptime of all processors, and this bug no longer occurs. (BZ#630559) * Previously, the mpstat utility wrongly interpreted data about processors in the system. Consequently, it reported a processor that did not exist. This bug has been fixed and non-existent CPUs are no longer reported by mpstat. (BZ#579409) * Previously, there was no easy way to enable the collection of statistics about disks and interrupts. Now, the SADC_OPTIONS variable can be used to set parameters for the sadc utility, fixing this bug. (BZ#598794) * The read_uptime() function failed to close its open file upon exit. A patch has been provided to fix this bug. (BZ#696672) This update also adds the following enhancement: * With this update, the cifsiostat utility has been added to the sysstat package to provide CIFS (Common Internet File System) mount point I/O statistics. (BZ#591530) All sysstat users are advised to upgrade to this updated package, which contains backported patches to correct these issues and add this enhancement. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2011-1019.html Risk factor : Medium CVSS Score: 4.4
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-3852 25380 http://www.securityfocus.com/bid/25380 26527 http://secunia.com/advisories/26527 39709 http://osvdb.org/39709 RHSA-2011:1005 http://www.redhat.com/support/errata/RHSA-2011-1005.html https://bugs.gentoo.org/show_bug.cgi?id=188808 sysstat-init-privilege-escalation(36045) https://exchange.xforce.ibmcloud.com/vulnerabilities/36045
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com