CentOS Local Security Checks : CentOS Update for sysstat CESA-2011:1005 centos5 x86

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.881299

Categoría: CentOS Local Security Checks

Título: CentOS Update for sysstat CESA-2011:1005 centos5 x86_64

Resumen: The remote host is missing an update for the 'sysstat'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'sysstat'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The sysstat package contains a set of utilities which enable system
monitoring of disks, network, and other I/O activity.

It was found that the sysstat initscript created a temporary file in an
insecure way. A local attacker could use this flaw to create arbitrary
files via a symbolic link attack. (CVE-2007-3852)

This update fixes the following bugs:

* On systems under heavy load, the sadc utility would sometimes output the
following error message if a write() call was unable to write all of the
requested input:

'Cannot write data to system activity file: Success.'

In this updated package, the sadc utility tries to write the remaining
input, resolving this issue. (BZ#454617)

* On the Itanium architecture, the 'sar -I' command provided incorrect
information about the interrupt statistics of the system. With this update,
the 'sar -I' command has been disabled for this architecture, preventing
this bug. (BZ#468340)

* Previously, the 'iostat -n' command used invalid data to create
statistics for read and write operations. With this update, the data source
for these statistics has been fixed, and the iostat utility now returns
correct information. (BZ#484439)

* The 'sar -d' command used to output invalid data about block devices.
With this update, the sar utility recognizes disk registration and disk
overflow statistics properly, and only correct and relevant data is now
displayed. (BZ#517490)

* Previously, the sar utility set the maximum number of days to be logged
in one month too high. Consequently, data from a month was appended to
data from the preceding month. With this update, the maximum number of days
has been set to 25, and data from a month now correctly replaces data from
the preceding month. (BZ#578929)

* In previous versions of the iostat utility, the number of NFS mount
points was hard-coded. Consequently, various issues occurred while iostat
was running and NFS mount points were mounted or unmounted. Certain values
in iostat reports overflowed and some mount points were not reported at
all. With this update, iostat properly recognizes when an NFS mount point
mounts or unmounts, fixing these issues. (BZ#675058, BZ#706095, BZ#694767)

* When a device name was longer than 13 characters, the iostat utility
printed a redundant new line character, making its output less readable.
This bug has been fixed and now, no extra characters are printed if a long
device name occurs in iostat output. (BZ#604637)

* Previously, if kernel inte ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
sysstat on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
4.4

CVSS Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-3852
BugTraq ID: 25380
http://www.securityfocus.com/bid/25380
http://osvdb.org/39709
http://www.redhat.com/support/errata/RHSA-2011-1005.html
http://secunia.com/advisories/26527
XForce ISS Database: sysstat-init-privilege-escalation(36045)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36045

Copyright Copyright (c) 2012 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.881299
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for sysstat CESA-2011:1005 centos5 x86_64
Resumen:	The remote host is missing an update for the 'sysstat'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'sysstat' package(s) announced via the referenced advisory. Vulnerability Insight: The sysstat package contains a set of utilities which enable system monitoring of disks, network, and other I/O activity. It was found that the sysstat initscript created a temporary file in an insecure way. A local attacker could use this flaw to create arbitrary files via a symbolic link attack. (CVE-2007-3852) This update fixes the following bugs: * On systems under heavy load, the sadc utility would sometimes output the following error message if a write() call was unable to write all of the requested input: 'Cannot write data to system activity file: Success.' In this updated package, the sadc utility tries to write the remaining input, resolving this issue. (BZ#454617) * On the Itanium architecture, the 'sar -I' command provided incorrect information about the interrupt statistics of the system. With this update, the 'sar -I' command has been disabled for this architecture, preventing this bug. (BZ#468340) * Previously, the 'iostat -n' command used invalid data to create statistics for read and write operations. With this update, the data source for these statistics has been fixed, and the iostat utility now returns correct information. (BZ#484439) * The 'sar -d' command used to output invalid data about block devices. With this update, the sar utility recognizes disk registration and disk overflow statistics properly, and only correct and relevant data is now displayed. (BZ#517490) * Previously, the sar utility set the maximum number of days to be logged in one month too high. Consequently, data from a month was appended to data from the preceding month. With this update, the maximum number of days has been set to 25, and data from a month now correctly replaces data from the preceding month. (BZ#578929) * In previous versions of the iostat utility, the number of NFS mount points was hard-coded. Consequently, various issues occurred while iostat was running and NFS mount points were mounted or unmounted. Certain values in iostat reports overflowed and some mount points were not reported at all. With this update, iostat properly recognizes when an NFS mount point mounts or unmounts, fixing these issues. (BZ#675058, BZ#706095, BZ#694767) * When a device name was longer than 13 characters, the iostat utility printed a redundant new line character, making its output less readable. This bug has been fixed and now, no extra characters are printed if a long device name occurs in iostat output. (BZ#604637) * Previously, if kernel inte ... Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: sysstat on CentOS 5 Solution: Please install the updated packages. CVSS Score: 4.4 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-3852 BugTraq ID: 25380 http://www.securityfocus.com/bid/25380 http://osvdb.org/39709 http://www.redhat.com/support/errata/RHSA-2011-1005.html http://secunia.com/advisories/26527 XForce ISS Database: sysstat-init-privilege-escalation(36045) https://exchange.xforce.ibmcloud.com/vulnerabilities/36045
Copyright	Copyright (c) 2012 Greenbone Networks GmbH