CVE-2008-4580 - fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows local users to modify arbitrary

CVE-2008-4580

Summary

fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows local users to modify arbitrary files via a symlink attack on the fence_manual.fifo temporary file.

References

Vulnerable Configurations

cpe:2.3:a:gentoo:cman:2.02.00:r1:*:*:*:*:*:*
cpe:2.3:a:gentoo:cman:2.02.00:r1:*:*:*:*:*:*
cpe:2.3:a:gentoo:fence:2.02.00:r1:*:*:*:*:*:*
cpe:2.3:a:gentoo:fence:2.02.00:r1:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 13-02-2023 - 02:19)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

misc	http://bugs.gentoo.org/show_bug.cgi?id=240576
mlist	[oss-security] 20081013 Re: CVE Request [oss-security] 20081016 Re: CVE Request
ubuntu	USN-875-1
xf	fence-fencemanual-symlink(45953)

statements via4

contributor	Tomas Hoger
lastmodified	2009-11-12
organization	Red Hat
statement	Manual fencing agent is documented to only be provided for testing purposes and should not be used in production environments. Therefore, there is no plan to fix this flaw in Red Hat Cluster Suite for Red Hat Enterprise Linux 4, and in Red Hat Enterprise Linux 5.

Last major update

13-02-2023 - 02:19

Published

15-10-2008 - 20:08

Last modified

13-02-2023 - 02:19