| Summary: | sys-cluster/fence-2.02.00-r1 symlink vulnerability (CVE-2008-{4579,4580}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | jaak |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://thread.gmane.org/gmane.comp.security.oss.general/1047/focus=1050 | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Stefan Behte (RETIRED)
2008-10-08 19:46:26 UTC
http://www.openwall.com/lists/oss-security/2008/10/13/3

Seems there is also a hole in fence_manual / fence_ack_manual fifo handling, it's a different bug, but I guess we can fix both in this bug #.

CVE-2008-4579 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4579): The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file.

CVE-2008-4580 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4580): fence_manual in fence allows local users to modify arbitrary files via a symlink attack on the fence_manual.fifo temporary file.

ha-cluster: *ping*

ha-cluster: Looks like you did some bumping. Can you please ascertain/confirm whether this issue is fixed in your newer ebuilds?

(In reply to comment #4)
> ha-cluster: Looks like you did some bumping. Can you please ascertain/confirm
> whether this issue is fixed in your newer ebuilds?
> Thanks!

I found this at the Debian bugtracker:

* New upstream release version 2.03.09.
  - Upstream code audit fixes several tmpfile race conditions, among them CVE-2008-4579 and CVE-2008-4580. (Closes: #496410)

We have that version in the tree, stabled, old versions are removed.

So, GLSA voting time!

Ready to vote, I vote YES. What about you, a3li? ;)

YES, filed

There is no sys-cluster/fence in portage any more.

GLSA 201009-09, thanks everyone.
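
The CVE-2008-4579 description above concerns a log file opened for append at a predictable name. As an added example (not part of this bug report and not the fence project's code), the following contrasts a plain append with an open that refuses a symlink at that name; the `apclog` location, the victim file and the function names are constructed for illustration.

```python
import errno
import os
import stat
import tempfile


def open_log_append(path):
    """Open path for appending; refuse symlinks, non-regular files and foreign owners."""
    flags = (os.O_WRONLY | os.O_APPEND | os.O_CREAT |
             os.O_NOFOLLOW | os.O_NONBLOCK | os.O_CLOEXEC)
    fd = os.open(path, flags, 0o600)  # fails (ELOOP on Linux) if path is a symlink
    try:
        st = os.fstat(fd)  # inspect the object actually opened, not the name
        if not stat.S_ISREG(st.st_mode):
            raise OSError(errno.EINVAL, "not a regular file", path)
        if st.st_uid != os.geteuid() or st.st_nlink != 1:
            raise OSError(errno.EPERM, "unexpected owner or hard link", path)
    except OSError:
        os.close(fd)
        raise
    return os.fdopen(fd, "a")


def demo():
    """Constructed scenario in a private temp dir; the 'apclog' path is a stand-in."""
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim.conf")
        log = os.path.join(d, "apclog")
        with open(victim, "w") as f:
            f.write("original\n")
        os.symlink(victim, log)  # pre-existing link where the log is expected
        with open(log, "a") as f:  # plain append follows the link
            f.write("verbose output\n")
        with open(victim) as f:
            naive_modified_victim = f.read() != "original\n"
        with open(victim, "w") as f:  # reset the victim file
            f.write("original\n")
        try:
            open_log_append(log).close()
            refused = False
        except OSError as e:
            refused = e.errno in (errno.ELOOP, errno.EMLINK)
        with open(victim) as f:
            victim_intact = f.read() == "original\n"
        os.unlink(log)  # no link present: the hardened open creates a real file
        with open_log_append(log) as f:
            f.write("verbose output\n")
        created_regular = stat.S_ISREG(os.lstat(log).st_mode)
    return naive_modified_victim, refused, victim_intact, created_regular
```

`O_NOFOLLOW` only guards the final path component, so keeping such files out of world-writable directories remains the stronger fix.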