PublicDateAtUSN: 2009-03-31
Candidate: CVE-2008-6560
PublicDate: 2009-03-31 14:09:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6560
 https://ubuntu.com/security/notices/USN-875-1
Description:
 Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf file with many lines. NOTE: it is not clear whether this issue crosses privilege boundaries in realistic uses of the product.
Ubuntu-Description:
Notes:
 jdstrand> DoS, but requires access to cluster.conf, which is typically root owned
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=468966
Priority: low
Discovered-by:
Assigned-to: jdstrand
CVSS:

Patches_redhat-cluster:
 upstream: http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=67fee9128e54c6c3fc3eae306b5b501f3029c3be
upstream_redhat-cluster: needs-triage
dapper_redhat-cluster: DNE
gutsy_redhat-cluster: DNE
hardy_redhat-cluster: released (2.20080227-0ubuntu1.3)
intrepid_redhat-cluster: released (2.20080826-0ubuntu1.3)
jaunty_redhat-cluster: not-affected
karmic_redhat-cluster: not-affected
devel_redhat-cluster: not-affected

Patches_redhat-cluster-suite:
upstream_redhat-cluster-suite: needs-triage
dapper_redhat-cluster-suite: not-affected (code-not-present)
gutsy_redhat-cluster-suite: needed (reached end-of-life)
hardy_redhat-cluster-suite: DNE
intrepid_redhat-cluster-suite: DNE
jaunty_redhat-cluster-suite: DNE
karmic_redhat-cluster-suite: DNE
devel_redhat-cluster-suite: DNE