Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 201009-09 ] fence: Multiple symlink vulnerabilities
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Veteran
Veteran


Joined: 12 May 2004
Posts: 1563

PostPosted: Wed Sep 29, 2010 9:26 pm    Post subject: [ GLSA 201009-09 ] fence: Multiple symlink vulnerabilities Reply with quote

Gentoo Linux Security Advisory

Title: fence: Multiple symlink vulnerabilities (GLSA 201009-09)
Severity: normal
Exploitable: local
Date: September 29, 2010
Bug(s): #240576
ID: 201009-09

Synopsis


fence contains multiple programs containing vulnerabilities that may allow
local users to overwrite arbitrary files via a symlink attack.


Background


fence is an I/O group fencing system.


Affected Packages

Package: sys-cluster/fence
Vulnerable: < 2.03.09
Architectures: All supported architectures


Description


The fence_apc, fence_apc_snmp (CVE-2008-4579) and fence_manual
(CVE-2008-4580) programs contain symlink vulnerabilities.


Impact


These vulnerabilities may allow arbitrary files to be overwritten with
root privileges.


Workaround


There is no known workaround at this time.


Resolution


Gentoo discontinued support for fence. All fence users should uninstall
and choose another software that provides the same functionality.
Code:
# emerge --unmerge sys-cluster/fence


References

CVE-2008-4579
CVE-2008-4580


Last edited by GLSA on Fri Jun 22, 2012 4:28 am; edited 1 time in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum