Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 264433 (CVE-2008-6560)

Summary: <sys-cluster/cman-2.03.11 DOS (CVE-2008-6560)
Product: Gentoo Security Reporter: Stefan Behte (RETIRED) <craig>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: cluster
Priority: High Keywords: PMASKED
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=468966
Whiteboard: B4 [masked nomaskglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 274922    
Bug Blocks:    

Description Stefan Behte (RETIRED) gentoo-dev Security 2009-03-31 20:10:02 UTC 
CVE-2008-6560 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6560):
  Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on
  Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to
  cause a denial of service (CPU consumption and memory corruption) via
  a cluster.conf file with many lines.  NOTE: it is not clear whether
  this issue crosses privilege boundaries in realistic uses of the
  product.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2009-07-15 16:13:12 UTC 
ha-cluster, please bump to 2.03.11.
Comment 2 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-08-14 11:18:01 UTC 
QA scheduled the package for removal, bug 274922.

Maskglsa voting: no.
Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev 2009-12-18 08:32:12 UTC 
No too, closing