Robert Buchholz of the Gentoo Security Team reported that the dstat utility contains a flaw in the Python module search path used. dstat will search the current working directory for Python modules. If a local user is able to trick another user into running dstat in a directory containing a malicious module, they could perform arbitrary actions with the permissions of the victim.
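An added example, not dstat's code or its patch: a check that flags module search path entries through which the working directory could supply modules, as in the report above. It also flags world-writable directories, which goes beyond the reported case; the function names and the sample path list are constructed for illustration.

```python
import os
import stat
import tempfile

def risky_path_entries(search_path, cwd):
    """Return (entry, reason) pairs for search path entries that let the
    working directory, or any local user, supply importable modules."""
    findings = []
    cwd_real = os.path.realpath(cwd)
    for entry in search_path:
        if entry == "":
            findings.append((entry, "empty entry means the current directory"))
            continue
        if not os.path.isabs(entry):
            findings.append((entry, "relative entry resolves against the current directory"))
            continue
        real = os.path.realpath(entry)
        if real == cwd_real:
            findings.append((entry, "entry is the current directory"))
            continue
        try:
            mode = os.stat(real).st_mode
        except OSError:
            continue  # a missing directory cannot supply modules
        if stat.S_ISDIR(mode) and mode & stat.S_IWOTH:
            findings.append((entry, "directory is world-writable"))
    return findings

def hardened_path(search_path, cwd):
    """Return the search path with every flagged entry removed."""
    risky = {entry for entry, _ in risky_path_entries(search_path, cwd)}
    return [entry for entry in search_path if entry not in risky]

def demo():
    """Audit a constructed path list as if the tool were started in a shared directory."""
    with tempfile.TemporaryDirectory() as shared, tempfile.TemporaryDirectory() as private:
        os.chmod(shared, 0o1777)   # constructed stand-in for a /tmp-like directory
        os.chmod(private, 0o755)   # constructed stand-in for a trusted module directory
        constructed = ["", ".", "plugins", shared, private]
        from_shared = risky_path_entries(constructed, cwd=shared)
        from_private = risky_path_entries(constructed, cwd=private)
        kept = hardened_path(constructed, cwd=shared)
        return from_shared, from_private, kept == [private]

if __name__ == "__main__":
    for entry, reason in demo()[0]:
        print(repr(entry), "->", reason)
```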
Public now via: http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 via RHSA-2009:1619 https://rhn.redhat.com/errata/RHSA-2009-1619.html
dstat-0.7.0-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/dstat-0.7.0-1.fc12
dstat-0.6.9-5.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/dstat-0.6.9-5.fc11
dstat-0.6.9-5.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
dstat-0.7.0-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.