ID CVE-2010-3389
Summary The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
References
Vulnerable Configurations
  • cpe:2.3:a:linux-ha:ocf_resource_agents:1.0.3:*:*:*:*:*:*:*
CVSS
Base: 6.9 (as of 02-02-2012 - 03:58)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: LOCAL
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:L/AC:M/Au:N/C:C/I:C/A:C
redhat via4
advisories
  • bugzilla
    id 711521
    title Dependencies in independent_tree resources does not work as expected
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331005
      • comment rgmanager is earlier than 0:2.0.52-21.el5
        oval oval:com.redhat.rhsa:tst:20111000001
      • comment rgmanager is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20091339002
    rhsa
    id RHSA-2011:1000
    released 2011-07-21
    severity Low
    title RHSA-2011:1000: rgmanager security, bug fix, and enhancement update (Low)
  • bugzilla
    id 727643
    title Modify major resource-agent agents to provide proper return codes to pacemaker
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment resource-agents is earlier than 0:3.9.2-7.el6
        oval oval:com.redhat.rhsa:tst:20111580001
      • comment resource-agents is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111580002
    rhsa
    id RHSA-2011:1580
    released 2011-12-05
    severity Low
    title RHSA-2011:1580: resource-agents security, bug fix, and enhancement update (Low)
  • rhsa
    id RHSA-2011:0264
rpms
  • rgmanager-0:1.9.88-2.el4
  • rgmanager-debuginfo-0:1.9.88-2.el4
  • rgmanager-0:2.0.52-21.el5
  • rgmanager-debuginfo-0:2.0.52-21.el5
  • resource-agents-0:3.9.2-7.el6
  • resource-agents-debuginfo-0:3.9.2-7.el6
refmap via4
confirm
gentoo GLSA-201110-18
secunia 43372
vupen ADV-2011-0416
Last major update 02-02-2012 - 03:58
Published 20-10-2010 - 18:00
Last modified 02-02-2012 - 03:58