Joined: 12 May 2004
|Posted: Wed Sep 29, 2010 9:26 pm Post subject: [ GLSA 201009-09 ] fence: Multiple symlink vulnerabilities
|Gentoo Linux Security Advisory
Title: fence: Multiple symlink vulnerabilities (GLSA 201009-09)
Date: September 29, 2010
fence contains multiple programs containing vulnerabilities that may allow
local users to overwrite arbitrary files via a symlink attack.
fence is an I/O group fencing system.
Vulnerable: < 2.03.09
Architectures: All supported architectures
The fence_apc, fence_apc_snmp (CVE-2008-4579) and fence_manual
(CVE-2008-4580) programs contain symlink vulnerabilities.
These vulnerabilities may allow arbitrary files to be overwritten with
There is no known workaround at this time.
Gentoo discontinued support for fence. All fence users should uninstall
and choose another software that provides the same functionality.
|# emerge --unmerge sys-cluster/fence |
Last edited by GLSA on Fri Jun 22, 2012 4:28 am; edited 1 time in total