Vulnerabilities > CVE-2008-4580 - Unspecified vulnerability in Gentoo Cman and Fence

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
gentoo
nessus

Summary

fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows local users to modify arbitrary files via a symlink attack on the fence_manual.fifo temporary file.

Vulnerable Configurations

Part Description Count
Application
Gentoo
2

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201009-09.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201009-09 (fence: Multiple symlink vulnerabilities) The fence_apc, fence_apc_snmp (CVE-2008-4579) and fence_manual (CVE-2008-4580) programs contain symlink vulnerabilities. Impact : These vulnerabilities may allow arbitrary files to be overwritten with root privileges. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id49732
    published2010-10-06
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49732
    titleGLSA-201009-09 : fence: Multiple symlink vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-875-1.NASL
    descriptionMultiple insecure temporary file handling vulnerabilities were discovered in Red Hat Cluster. A local attacker could exploit these to overwrite arbitrary local files via symlinks. (CVE-2008-4192, CVE-2008-4579, CVE-2008-4580, CVE-2008-6552) It was discovered that CMAN did not properly handle malformed configuration files. An attacker could cause a denial of service (via CPU consumption and memory corruption) in a node if the attacker were able to modify the cluster configuration for the node. (CVE-2008-6560). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43368
    published2009-12-21
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43368
    titleUbuntu 6.06 LTS / 8.04 LTS / 8.10 : redhat-cluster, redhat-cluster-suite vulnerabilities (USN-875-1)

Statements

contributorTomas Hoger
lastmodified2009-11-12
organizationRed Hat
statementManual fencing agent is documented to only be provided for testing purposes and should not be used in production environments. Therefore, there is no plan to fix this flaw in Red Hat Cluster Suite for Red Hat Enterprise Linux 4, and in Red Hat Enterprise Linux 5.