Comment 1 Matt Drew (RETIRED) 2007-06-25 15:55:59 UTC

Setting status.  It's not clear what version this applies to, I'm assuming the latest.  Also the daemon appears to run as root, there are no provisions for privilege reduction in /etc/conf.d/cman or /etc/init.d/cman and no user in /etc/passwd to reduce privileges to.

Comment 2 Pierre-Yves Rofes (RETIRED) 2007-07-01 12:22:27 UTC

any news here? btw, CVE ids are:
CVE-2007-3373
CVE-2007-3374

Comment 3 Pierre-Yves Rofes (RETIRED) 2007-07-14 22:31:27 UTC

ha-cluster, please advise.

Comment 4 Matt Drew (RETIRED) 2007-07-30 10:40:11 UTC

ha-cluster please advise.

Comment 5 Markus Dittrich (RETIRED) 2007-09-08 13:47:20 UTC

This issue seems to affect cluster project 2.x whereas we
only have 1.x in the tree hence we are likely not affected.
I've grepped through the source and couldn't find any 
instance of the problematic code reported. Maybe somebody
from ha-cluster can confirm this??

Markus 

Comment 6 Sune Kloppenborg Jeppesen (RETIRED) 2007-09-08 15:23:50 UTC

Thx Markus. Closing as INVALID for now.