CVE-2008-4192
Published: 29 September 2008
The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file.
Notes
| Author | Note |
|---|---|
| jdstrand | up priority to low, as it may be possible to DoS the system (eg overwriting /etc/shadow with garbage data) |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
redhat-cluster Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| feisty |
Does not exist
|
|
| gutsy |
Does not exist
|
|
| hardy |
Not vulnerable
|
|
| intrepid |
Released
(2.20080826-0ubuntu1.3)
|
|
| jaunty |
Not vulnerable
(2.20090112-0ubuntu4)
|
|
| karmic |
Not vulnerable
(2.20090112-0ubuntu4)
|
|
| upstream |
Released
(2.20081102-1)
|
|
|
redhat-cluster-suite Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
| feisty |
Not vulnerable
|
|
| gutsy |
Not vulnerable
|
|
| hardy |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| upstream |
Needs triage
|