Scientific Linux Security Update : sysstat on SL5.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.

Synopsis :

The remote Scientific Linux host is missing a security update.

Description :

The sysstat package contains a set of utilities which enable system
monitoring of disks, network, and other I/O activity.

It was found that the sysstat initscript created a temporary file in
an insecure way. A local attacker could use this flaw to create
arbitrary files via a symbolic link attack. (CVE-2007-3852)

This update fixes the following bugs :

- On systems under heavy load, the sadc utility would
sometimes output the following error message if a
write() call was unable to write all of the requested
input :

'Cannot write data to system activity file: Success.'

In this updated package, the sadc utility tries to write the remaining
input, resolving this issue.

- On the Itanium architecture, the 'sar -I' command
provided incorrect information about the interrupt
statistics of the system. With this update, the 'sar -I'
command has been disabled for this architecture,
preventing this bug.

- Previously, the 'iostat -n' command used invalid data to
create statistics for read and write operations. With
this update, the data source for these statistics has
been fixed, and the iostat utility now returns correct

- The 'sar -d' command used to output invalid data about
block devices. With this update, the sar utility
recognizes disk registration and disk overflow
statistics properly, and only correct and relevant data
is now displayed.

- Previously, the sar utility set the maximum number of
days to be logged in one month too high. Consequently,
data from a month was appended to data from the
preceding month. With this update, the maximum number of
days has been set to 25, and data from a month now
correctly replaces data from the preceding month.

- In previous versions of the iostat utility, the number
of NFS mount points was hard-coded. Consequently,
various issues occurred while iostat was running and NFS
mount points were mounted or unmounted
certain values
in iostat reports overflowed and some mount points were
not reported at all. With this update, iostat properly
recognizes when an NFS mount point mounts or unmounts,
fixing these issues.

- When a device name was longer than 13 characters, the
iostat utility printed a redundant new line character,
making its output less readable. This bug has been fixed
and now, no extra characters are printed if a long
device name occurs in iostat output.

- Previously, if kernel interrupt counters overflowed, the
sar utility provided confusing output. This bug has been
fixed and the sum of interrupts is now reported

- When some processors were disabled on a multi-processor
system, the sar utility sometimes failed to provide
information about the CPU activity. With this update,
the uptime of a single processor is used to compute the
statistics, rather than the total uptime of all
processors, and this bug no longer occurs.

- Previously, the mpstat utility wrongly interpreted data
about processors in the system. Consequently, it
reported a processor that did not exist. This bug has
been fixed and non-existent CPUs are no longer reported
by mpstat.

- Previously, there was no easy way to enable the
collection of statistics about disks and interrupts.
Now, the SADC_OPTIONS variable can be used to set
parameters for the sadc utility, fixing this bug.

- The read_uptime() function failed to close its open file
upon exit. A patch has been provided to fix this bug.

This update also adds the following enhancement :

- With this update, the cifsiostat utility has been added
to the sysstat package to provide CIFS (Common Internet
File System) mount point I/O statistics.

All sysstat users are advised to upgrade to this updated package,
which contains backported patches to correct these issues and add this

See also :

Solution :

Update the affected sysstat package.

Risk factor :

Medium / CVSS Base Score : 4.4

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 61095 ()

Bugtraq ID:

CVE ID: CVE-2007-3852

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now