CVE-2008-4192
Published: 29 September 2008
The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file.
Notes
Author | Note |
---|---|
jdstrand | up priority to low, as it may be possible to DoS the system (eg overwriting /etc/shadow with garbage data) |
Priority
Status
Package | Release | Status |
---|---|---|
redhat-cluster Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Not vulnerable
|
|
intrepid |
Released
(2.20080826-0ubuntu1.3)
|
|
jaunty |
Not vulnerable
(2.20090112-0ubuntu4)
|
|
karmic |
Not vulnerable
(2.20090112-0ubuntu4)
|
|
upstream |
Released
(2.20081102-1)
|
|
redhat-cluster-suite Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
feisty |
Not vulnerable
|
|
gutsy |
Not vulnerable
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
upstream |
Needs triage
|