Vulnerabilities > CVE-2008-4580 - Unspecified vulnerability in Gentoo Cman and Fence
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN gentoo
nessus
Summary
fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows local users to modify arbitrary files via a symlink attack on the fence_manual.fifo temporary file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201009-09.NASL description The remote host is affected by the vulnerability described in GLSA-201009-09 (fence: Multiple symlink vulnerabilities) The fence_apc, fence_apc_snmp (CVE-2008-4579) and fence_manual (CVE-2008-4580) programs contain symlink vulnerabilities. Impact : These vulnerabilities may allow arbitrary files to be overwritten with root privileges. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 49732 published 2010-10-06 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49732 title GLSA-201009-09 : fence: Multiple symlink vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-875-1.NASL description Multiple insecure temporary file handling vulnerabilities were discovered in Red Hat Cluster. A local attacker could exploit these to overwrite arbitrary local files via symlinks. (CVE-2008-4192, CVE-2008-4579, CVE-2008-4580, CVE-2008-6552) It was discovered that CMAN did not properly handle malformed configuration files. An attacker could cause a denial of service (via CPU consumption and memory corruption) in a node if the attacker were able to modify the cluster configuration for the node. (CVE-2008-6560). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 43368 published 2009-12-21 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43368 title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 : redhat-cluster, redhat-cluster-suite vulnerabilities (USN-875-1)
Statements
contributor | Tomas Hoger |
lastmodified | 2009-11-12 |
organization | Red Hat |
statement | Manual fencing agent is documented to only be provided for testing purposes and should not be used in production environments. Therefore, there is no plan to fix this flaw in Red Hat Cluster Suite for Red Hat Enterprise Linux 4, and in Red Hat Enterprise Linux 5. |