CVE-2008-4580

Published Oct 15, 2008

Last updated 2 years ago

Overview

Description: fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows local users to modify arbitrary files via a symlink attack on the fence_manual.fifo temporary file.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-59

Hype score: Not currently trending

Vendor comments

Red HatManual fencing agent is documented to only be provided for testing purposes and should not be used in production environments. Therefore, there is no plan to fix this flaw in Red Hat Cluster Suite for Red Hat Enterprise Linux 4, and in Red Hat Enterprise Linux 5.

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gentoo:cman:2.02.00:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C3CBF73-99E7-4562-AA18-19EA3D9AF2D5"
          },
          {
            "criteria": "cpe:2.3:a:gentoo:fence:2.02.00:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E9BCDBC-4566-417D-AEB6-B1377519648A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Vendor comments

Configurations

References