GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Wed Sep 29, 2010 9:26 pm Post subject: [ GLSA 201009-09 ] fence: Multiple symlink vulnerabilities |
|
|
Gentoo Linux Security Advisory
Title: fence: Multiple symlink vulnerabilities (GLSA 201009-09)
Severity: normal
Exploitable: local
Date: September 29, 2010
Bug(s): #240576
ID: 201009-09
Synopsis
fence contains multiple programs containing vulnerabilities that may allow
local users to overwrite arbitrary files via a symlink attack.
Background
fence is an I/O group fencing system.
Affected Packages
Package: sys-cluster/fence
Vulnerable: < 2.03.09
Architectures: All supported architectures
Description
The fence_apc, fence_apc_snmp (CVE-2008-4579) and fence_manual
(CVE-2008-4580) programs contain symlink vulnerabilities.
Impact
These vulnerabilities may allow arbitrary files to be overwritten with
root privileges.
Workaround
There is no known workaround at this time.
Resolution
Gentoo discontinued support for fence. All fence users should uninstall
and choose another software that provides the same functionality.
Code: | # emerge --unmerge sys-cluster/fence |
References
CVE-2008-4579
CVE-2008-4580
Last edited by GLSA on Fri Jun 22, 2012 4:28 am; edited 1 time in total |
|