ID CVE-2009-3894
Summary Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privileges via a Trojan horse Python module in (1) the current working directory or (2) a certain subdirectory of the current working directory.
References
Vulnerable Configurations
  • cpe:2.3:a:dag.wieers:dstat:0.6.9
    cpe:2.3:a:dag.wieers:dstat:0.6.9
  • cpe:2.3:a:dag.wieers:dstat:0.6.8
    cpe:2.3:a:dag.wieers:dstat:0.6.8
  • cpe:2.3:a:dag.wieers:dstat:0.6.7
    cpe:2.3:a:dag.wieers:dstat:0.6.7
  • cpe:2.3:a:dag.wieers:dstat:0.6.6
    cpe:2.3:a:dag.wieers:dstat:0.6.6
  • cpe:2.3:a:dag.wieers:dstat:0.6.5
    cpe:2.3:a:dag.wieers:dstat:0.6.5
  • cpe:2.3:a:dag.wieers:dstat:0.6.4
    cpe:2.3:a:dag.wieers:dstat:0.6.4
  • cpe:2.3:a:dag.wieers:dstat:0.6.3
    cpe:2.3:a:dag.wieers:dstat:0.6.3
  • cpe:2.3:a:dag.wieers:dstat:0.6.2
    cpe:2.3:a:dag.wieers:dstat:0.6.2
  • cpe:2.3:a:dag.wieers:dstat:0.6.1
    cpe:2.3:a:dag.wieers:dstat:0.6.1
  • cpe:2.3:a:dag.wieers:dstat:0.6.0
    cpe:2.3:a:dag.wieers:dstat:0.6.0
  • cpe:2.3:a:dag.wieers:dstat:0.5.10
    cpe:2.3:a:dag.wieers:dstat:0.5.10
  • cpe:2.3:a:dag.wieers:dstat:0.5.9
    cpe:2.3:a:dag.wieers:dstat:0.5.9
  • cpe:2.3:a:dag.wieers:dstat:0.5.8
    cpe:2.3:a:dag.wieers:dstat:0.5.8
  • cpe:2.3:a:dag.wieers:dstat:0.5.7
    cpe:2.3:a:dag.wieers:dstat:0.5.7
  • cpe:2.3:a:dag.wieers:dstat:0.5.6
    cpe:2.3:a:dag.wieers:dstat:0.5.6
  • cpe:2.3:a:dag.wieers:dstat:0.5.5
    cpe:2.3:a:dag.wieers:dstat:0.5.5
  • cpe:2.3:a:dag.wieers:dstat:0.5.4
    cpe:2.3:a:dag.wieers:dstat:0.5.4
  • cpe:2.3:a:dag.wieers:dstat:0.5.3
    cpe:2.3:a:dag.wieers:dstat:0.5.3
  • cpe:2.3:a:dag.wieers:dstat:0.5.2
    cpe:2.3:a:dag.wieers:dstat:0.5.2
  • cpe:2.3:a:dag.wieers:dstat:0.3
    cpe:2.3:a:dag.wieers:dstat:0.3
  • cpe:2.3:a:dag.wieers:dstat:0.4
    cpe:2.3:a:dag.wieers:dstat:0.4
  • cpe:2.3:a:dag.wieers:dstat:0.5
    cpe:2.3:a:dag.wieers:dstat:0.5
  • cpe:2.3:a:dag.wieers:dstat:0.2
    cpe:2.3:a:dag.wieers:dstat:0.2
  • cpe:2.3:a:dag.wieers:dstat:0.1
    cpe:2.3:a:dag.wieers:dstat:0.1
CVSS
Base: 4.4 (as of 30-11-2009 - 12:07)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1619.NASL
    description An updated dstat package that fixes one security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Dstat is a versatile replacement for the vmstat, iostat, and netstat tools. Dstat can be used for performance tuning tests, benchmarks, and troubleshooting. Robert Buchholz of the Gentoo Security Team reported a flaw in the Python module search path used in dstat. If a local attacker could trick a local user into running dstat from a directory containing a Python script that is named like an importable module, they could execute arbitrary code with the privileges of the user running dstat. (CVE-2009-3894) All dstat users should upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 43808
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43808
    title CentOS 5 : dstat (CESA-2009:1619)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-12663.NASL
    description - Thu Dec 3 2009 Jan Zeleny - 0.6.9-5 - added patch fixing security issue CVE-2009-3894 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 43010
    published 2009-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43010
    title Fedora 11 : dstat-0.6.9-5.fc11 (2009-12663)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200911-04.NASL
    description The remote host is affected by the vulnerability described in GLSA-200911-04 (dstat: Untrusted search path) Robert Buchholz of the Gentoo Security Team reported that dstat includes the current working directory and subdirectories in the Python module search path (sys.path) before calling 'import'. Impact : A local attacker could entice a user to run 'dstat' from a directory containing a specially crafted Python module, resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround : Do not run 'dstat' from untrusted working directories.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 42914
    published 2009-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42914
    title GLSA-200911-04 : dstat: Untrusted search path
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1619.NASL
    description An updated dstat package that fixes one security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Dstat is a versatile replacement for the vmstat, iostat, and netstat tools. Dstat can be used for performance tuning tests, benchmarks, and troubleshooting. Robert Buchholz of the Gentoo Security Team reported a flaw in the Python module search path used in dstat. If a local attacker could trick a local user into running dstat from a directory containing a Python script that is named like an importable module, they could execute arbitrary code with the privileges of the user running dstat. (CVE-2009-3894) All dstat users should upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 42945
    published 2009-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42945
    title RHEL 5 : dstat (RHSA-2009:1619)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1619.NASL
    description From Red Hat Security Advisory 2009:1619 : An updated dstat package that fixes one security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Dstat is a versatile replacement for the vmstat, iostat, and netstat tools. Dstat can be used for performance tuning tests, benchmarks, and troubleshooting. Robert Buchholz of the Gentoo Security Team reported a flaw in the Python module search path used in dstat. If a local attacker could trick a local user into running dstat from a directory containing a Python script that is named like an importable module, they could execute arbitrary code with the privileges of the user running dstat. (CVE-2009-3894) All dstat users should upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 67964
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67964
    title Oracle Linux 5 : dstat (ELSA-2009-1619)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20091130_DSTAT_ON_SL5_X.NASL
    description CVE-2009-3894 dstat insecure module search path Robert Buchholz of the Gentoo Security Team reported a flaw in the Python module search path used in dstat. If a local attacker could trick a local user into running dstat from a directory containing a Python script that is named like an importable module, they could execute arbitrary code with the privileges of the user running dstat. (CVE-2009-3894)
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60698
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60698
    title Scientific Linux Security Update : dstat on SL5.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-12674.NASL
    description This release fixes above mentioned security issue, adds several enhancements and fixes few other bugs. For complete information, please see changelog. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 43011
    published 2009-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43011
    title Fedora 12 : dstat-0.7.0-1.fc12 (2009-12674)
oval via4
accepted 2013-04-29T04:18:04.244-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privileges via a Trojan horse Python module in (1) the current working directory or (2) a certain subdirectory of the current working directory.
family unix
id oval:org.mitre.oval:def:8969
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privileges via a Trojan horse Python module in (1) the current working directory or (2) a certain subdirectory of the current working directory.
version 18
redhat via4
advisories
bugzilla
id 538459
title CVE-2009-3894 dstat insecure module search path
oval
AND
  • comment Red Hat Enterprise Linux 5 is installed
    oval oval:com.redhat.rhba:tst:20070331001
  • comment dstat is earlier than 0:0.6.6-3.el5_4.1
    oval oval:com.redhat.rhsa:tst:20091619002
  • comment dstat is signed with Red Hat redhatrelease key
    oval oval:com.redhat.rhsa:tst:20091619003
rhsa
id RHSA-2009:1619
released 2009-11-30
severity Moderate
title RHSA-2009:1619: dstat security update (Moderate)
rpms dstat-0:0.6.6-3.el5_4.1
refmap via4
bid 37131
confirm
gentoo GLSA-200911-04
mandriva MDVSA-2009:341
osvdb 60511
secunia
  • 37445
  • 37457
Last major update 01-09-2013 - 02:09
Published 29-11-2009 - 08:07
Last modified 18-09-2017 - 21:29
Back to Top